General
Static task: static1
URLScan task: urlscan1
Sample: https://officesupply.com
Malware Config
Targets
- Suspicious use of NtCreateUserProcessOtherParentProcess
- suricata: ET MALWARE BazaLoader Activity (GET)
- suricata: ET MALWARE BazaLoader Activity (GET)
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Tries to connect to .bazar domain
  Attempts to look up or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Loads dropped DLL
- Suspicious use of SetThreadContext