bazarloader | dfbd75635b50926cf864349f436e8baf625881c2fd8cf9267d277d0b11dcc90b | Triage

Sharing

General

Target

2b975f9e33ce44329dbc74941536432a
Size

245KB
Sample

210401-g6tx7bhgde
MD5

2b975f9e33ce44329dbc74941536432a
SHA1

22b0cd47fdc5b6b99812779f2d02ccb2ecc46705
SHA256

dfbd75635b50926cf864349f436e8baf625881c2fd8cf9267d277d0b11dcc90b
SHA512

ea718aa960d35e36345b5750e030fac0e1a91a59e2e7c6373149d0a183bbc41e70244836257b4c4e22f45b509a2f541db80e106568623ae5b9b1cb3186d5a951

Score

10^/10

bazarloader dropper loader persistence

Malware Config

Targets

- Target
  
  2b975f9e33ce44329dbc74941536432a
- Size
  
  245KB
- MD5
  
  2b975f9e33ce44329dbc74941536432a
- SHA1
  
  22b0cd47fdc5b6b99812779f2d02ccb2ecc46705
- SHA256
  
  dfbd75635b50926cf864349f436e8baf625881c2fd8cf9267d277d0b11dcc90b
- SHA512
  
  ea718aa960d35e36345b5750e030fac0e1a91a59e2e7c6373149d0a183bbc41e70244836257b4c4e22f45b509a2f541db80e106568623ae5b9b1cb3186d5a951
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloaderpersistence

behavioral2

bazarloaderdropperloaderpersistence