General

Target: htmlDefineFunc.jpg
Size: 254KB
Sample: 210804-2cgqvmlvlx
Score: 10/10
MD5: 94b1dd32c7b1f7a4d9d0dd7e4c301dd6
SHA1: 17ec04d523899e9c63645aed68058404dbeeb557
SHA256: d384dfdd90da4645a8d74956534cfcef7fcbbf4ed654e61b3d27384616b4bc4a
SHA512: 4873dfc934f5f58d2ac187af1233ca34f0b04737e0cb9aea8a5639fc1fb413bab1d232d6e56e7b9df6260b07eb87de1a0bd3b7499566220d432ebd4879697a58

Malware Config
Targets

Target: htmlDefineFunc.jpg (254KB, MD5 94b1dd32c7b1f7a4d9d0dd7e4c301dd6, score 10/10; same file and hashes as listed under General)

Signatures

  • Bazar Loader
    Description: Detected loader normally used to deploy BazarBackdoor malware.
    Tags: Bazar/Team9 Loader payload

  • Tries to connect to .bazar domain
    Description: Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1: Score N/A
behavioral1: Score 10/10
behavioral2: Score 10/10