Overview

overview

10

Static

static

baza-or-cs.dll

windows7_x64

10

baza-or-cs.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    baza-or-cs.dll

  • Size

    153KB

  • Sample

    210716-v4jh8hf6ea

  • MD5

    ea3612919bf05b66e9a608bee742a422

  • SHA1

    032747a1658fea7f8d624c11ae965f3218f96909

  • SHA256

    fd001fb71e9faa68c6e53162ed0554fd6f16a0e381aa280cea397b3d74bb62eb

  • SHA512

    f2f049ef68cd5c06511dab2ef82a67e0aa44ac583ec5e84ec7cba1627f47c31a748ad58e1b065401b162a4266f753ac842efceef7cbe33efb0a9d8399365e2c7

Score
10/10
bazarbackdoorbazarloaderbackdoordropperloader

Malware Config

Targets

    • Target

      baza-or-cs.dll

    • Size

      153KB

    • MD5

      ea3612919bf05b66e9a608bee742a422

    • SHA1

      032747a1658fea7f8d624c11ae965f3218f96909

    • SHA256

      fd001fb71e9faa68c6e53162ed0554fd6f16a0e381aa280cea397b3d74bb62eb

    • SHA512

      f2f049ef68cd5c06511dab2ef82a67e0aa44ac583ec5e84ec7cba1627f47c31a748ad58e1b065401b162a4266f753ac842efceef7cbe33efb0a9d8399365e2c7

    Score
    10/10
    bazarbackdoorbazarloaderbackdoordropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • BazarBackdoor

      Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.

      backdoorbazarbackdoor

    • Bazar/Team9 Backdoor payload

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks