bazarloader | 210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0 | Triage

Submit
Reports

Overview

overview

Static

static

dl8.exe

windows7_x64

6

dl8.exe

windows10_x64

Resubmissions

08-04-2021 06:31

210408-rf4c3mtwdx 10

07-04-2021 04:47

210407-l95ennpj9x 8

Sharing

General

Target

dl8.exe
Size

271KB
Sample

210408-rf4c3mtwdx
MD5

0a6e27aa3415f502af6585bddf7e0d3e
SHA1

a8bdb01ef8a6e75ec200c5d4f6d9f32539dca9f2
SHA256

210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0
SHA512

abd3b3d4e6251fe5231bf45186b43cb1d4aa5dc36fd79e71e4bf010d9adfbf2c6837d4606795be97a00911cd5d06326d7ed38656dbe7827ed33a59b0f140d479

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

dl8.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dl8.exe

Resource

win10v20201028

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  dl8.exe
- Size
  
  271KB
- MD5
  
  0a6e27aa3415f502af6585bddf7e0d3e
- SHA1
  
  a8bdb01ef8a6e75ec200c5d4f6d9f32539dca9f2
- SHA256
  
  210c46aae3d71ecbac79447d124d895dded804c08342b17258cd4b400b0bebe0
- SHA512
  
  abd3b3d4e6251fe5231bf45186b43cb1d4aa5dc36fd79e71e4bf010d9adfbf2c6837d4606795be97a00911cd5d06326d7ed38656dbe7827ed33a59b0f140d479
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy