2021-11-24 (WEDNESDAY) - "GIGI" CAMPAIGN PUSHES BAZARLOADER, LEADS TO ICEDID
ASSOCIATED FILES:
- 2021-11-24-IOCS-for-Gigi-BazarLoader-and-IcedID.txt.zip 2.1 kB (2,069 bytes)
- 2021-11-24-Gigi-BazarLoader-with-IcedID.pcap.zip 10.2 MB (10,178,589 bytes)
- 2021-11-24-Gigi-BazarLoader-and-IcedID-malware-and-artifacts.zip 2.7 MB (2,743,689 bytes)
NOTES:
- All zip archives on this site are password-protected. If you don't know the password, see the "about" page of this website.
IMAGES
Shown above: Screenshot from an email from this campaign.
Shown above: Link in the email led to a OneDrive URL hosting malware.
Shown above: Use password from the email to access and open the VBS file.
Shown above: The VBS file eventually dropped the BazarLoader DLL with a .mpeg file extension.
Shown above: Process Hacker showed "gigi" as the entry point for the BazarLoader DLL.
Shown above: Traffic from the infection filtered in Wireshark.