2021-04-14-BazaLoader-spreadsheet-and-EXE.zip

General
  Target:  2021-04-14-BazaLoader-spreadsheet-and-EXE.zip
  Size:    413KB
  Sample:  210415-efgkmy9912
  Score:   10/10
  MD5:     8ab1d5ae46037c804366d0b5cd3d6b2f
  SHA1:    9ffb63957a63a68fccafb70e37eb9c023b55f919
  SHA256:  e039822594278b0b37f3ceaa936cecc416197925407c13389b1d01b8be5a741b
  SHA512:  78eb38a45c3395803794b8bb89f1dbd76396820c7fb5b7f9c72adceee85a32dd100c803160394973b529a99e34ba903c7e9a02c8bbc4ea5b24ade776095b5425

Malware Config
  Extracted
    Language: xlm4.0

Targets

Target: bakjr.exe
  MD5:       bb5ef523f0bf243790b6c67dd77ee986
  Filesize:  248KB
  Score:     10/10
  SHA1:      cbfe325c2101c5f76a3675b23b459eeb641eecb6
  SHA256:    c51bf8c74311b8941dca2f63a0850e61c1058af6af0ac42d81c2d85cd64d37cb
  SHA512:    eb9ffe004187d6174cf0cc2f85184e5a524546e1bc7139c1f16147049eadbd92f94818ea618370450779753c87d8349efe255244eef2450e16f9446799cdeef2

Signatures
  • Bazar Loader
    Description: Detected loader normally used to deploy BazarBackdoor malware.
  • BazarBackdoor
    Description: Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
  • Bazar/Team9 Backdoor payload
  • Bazar/Team9 Loader payload
  • Blocklisted process makes network request
  • Suspicious use of SetThreadContext

Target: subscription_1618420095.xlsb
  MD5:       dc37192b5c4c8c4f94c73c18ce5e3829
  Filesize:  254KB
  Score:     10/10
  SHA1:      0aa6bb11a11dade2269d90b2781ed0a517362012
  SHA256:    db53f42e13d2685bd34dbc5c79fad637c9344e72e210ca05504420874e98c2a6
  SHA512:    3e8b179d8521fb33a46eeeca74bbda7a4e8a32f47b6195b17d62664dd2e31716261a61a495857ed08dbbc001a9eab8adec7133921179eb3df66c53e18c586d9a

Signatures
  • Nloader
    Description: Simple loader that includes the keyword 'campo' in the URL used to download other families.
  • Process spawned unexpected child process
    Description: This typically indicates the parent process was compromised via an exploit or macro.
  • Nloader Payload
  • Blocklisted process makes network request
  • Loads dropped DLL

MITRE ATT&CK Matrix
  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
  static1       8/10
  behavioral1   1/10
  behavioral3   10/10
  behavioral4   10/10