bazarloader | 8db22092d66ef12fa07764a709ba60f7258e8d113f93e912890183da5dad2da1 | Triage

Submit
Reports

Overview

overview

Static

static

1.dll

windows7_x64

1.dll

windows10_x64

Documents.lnk

windows7_x64

Documents.lnk

windows10_x64

Sharing

General

Target

DOCUMENTS-REPORT-44.iso.zip
Size

292KB
Sample

211008-wqr1xsegd4
MD5

dd46d246cde6c4661a45c5e1bdc406bd
SHA1

2d5b8cb76857556af316587a915165009a403609
SHA256

8db22092d66ef12fa07764a709ba60f7258e8d113f93e912890183da5dad2da1
SHA512

349f0530aacd4667d250707f471e5ddc1fcb4649fbd333f239033e170ea5785143fe19bf7cf028867387b369a5f7bb2430dbe60ba91f8e751a5e91b4eb963d93

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

1.dll

Resource

win7v20210408

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1.dll

Resource

win10v20210408

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Documents.lnk

Resource

win7-en-20210920

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

Documents.lnk

Resource

win10v20210408

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  1.dll
- Size
  
  518KB
- MD5
  
  c0a88d8ea1c610384bc18bfa12407038
- SHA1
  
  0a3d5e68878afbe4fa9a154c005c9337bdf83faa
- SHA256
  
  e425d1aebf1de8798b6ce3e55a3767b47fc6678d6d3886dcb48932fd69474de7
- SHA512
  
  437c3416f8f11afd0ad4368fa8cc2e03ea9d99c718011afcf11c6ff2cc1c2f3156a050bae7d283e70483200cac576dea893b4878f17b2410c8ac8afe25f17685
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  Documents.lnk
- Size
  
  1KB
- MD5
  
  db8f42a798dd65d9bd8398c3e2564f06
- SHA1
  
  7df618ca8e5e21faf19ece8c2470f62af8e4ea15
- SHA256
  
  59b77f3b8d2e7d72c61d522a2bcabbe0b47be3b73e1a4001cb763589a656134c
- SHA512
  
  3533442932c0a796de82668f334f264b6aac4f3552eef535caeda4bb7d4feeb7d1789c09424ac3de506a8438ab9d19713ce0272816c5d8b4dd8ae545bc862053
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

behavioral3

bazarloaderdropperloader

behavioral4

bazarloaderdropperloader

© 2018-2024

Terms | Privacy