bazarloader | 291c573996c647508544e8e21bd2764e6e4c834d53d6d2c8903a0001c783764b | Triage

Sharing

General

Target

rt3ret3.exe
Size

236KB
Sample

210401-s8k19w3r2a
MD5

efa4b2e7d7016a1f80efff5840de3a18
SHA1

04606786daa6313867c7ada1f0c9c925d9b602fb
SHA256

291c573996c647508544e8e21bd2764e6e4c834d53d6d2c8903a0001c783764b
SHA512

11446166922efb329d547ce329fb3ed70a3a99c1c037533beaecefd16d4a67c9dc9201592b0428a06fd956e4bb5caf3f7997a86200792e3e29a041f0963b2ced

Score

10^/10

bazarloader dropper loader persistence

Malware Config

Targets

- Target
  
  rt3ret3.exe
- Size
  
  236KB
- MD5
  
  efa4b2e7d7016a1f80efff5840de3a18
- SHA1
  
  04606786daa6313867c7ada1f0c9c925d9b602fb
- SHA256
  
  291c573996c647508544e8e21bd2764e6e4c834d53d6d2c8903a0001c783764b
- SHA512
  
  11446166922efb329d547ce329fb3ed70a3a99c1c037533beaecefd16d4a67c9dc9201592b0428a06fd956e4bb5caf3f7997a86200792e3e29a041f0963b2ced
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloaderpersistence

behavioral2

bazarloaderdropperloaderpersistence