Malware sandboxing report by Hatching Triage

Target

iCoreBr.jpg

Size

1MB

Sample

210727-v3d6d2mxcs

Score

10^/10

MD5

132e6560ca121679635684e812586bba

SHA1

6f48b7929e65aac27f3bf3cce24c7ad40624dc74

SHA256

c882f778e40b276c90d467816deda7605d9955e4302aa6ab7467aeae3f155048

SHA512

3c3fd439c29e36a2ef174f82c4df36c89a87bbc2e280753166bc25b14b6066fc6b0eff7101e4b301e51722271b76ebdb79dbf58a201a7a4c8bcb64e708e6a4a5

Target

iCoreBr.jpg

MD5

132e6560ca121679635684e812586bba

Filesize

1MB

Score

10^/10

SHA1

6f48b7929e65aac27f3bf3cce24c7ad40624dc74

SHA256

c882f778e40b276c90d467816deda7605d9955e4302aa6ab7467aeae3f155048

SHA512

3c3fd439c29e36a2ef174f82c4df36c89a87bbc2e280753166bc25b14b6066fc6b0eff7101e4b301e51722271b76ebdb79dbf58a201a7a4c8bcb64e708e6a4a5

Signatures

Bazar Loader
Description

Detected loader normally used to deploy BazarBackdoor malware.
Tags

loader dropper bazarloader
Bazar/Team9 Loader payload
Loads dropped DLL
Adds Run key to start application
Tags

persistence

TTPs

Registry Run Keys / Startup FolderModify Registry

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

Discovery

Remote System Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

static1

Score

N/A

behavioral1

bazarloader dropper loader

Score

10^/10

behavioral2

bazarloader dropper loader persistence

Score

10^/10

Tags

Signatures

Bazar Loader

Description

Tags

Bazar/Team9 Loader payload

Loads dropped DLL

Adds Run key to start application

Tags

TTPs

Related Tasks

static1

behavioral1

behavioral2