Resubmissions

14-10-2021 12:24    211014-pk2vlshee8    10

14-10-2021 12:18    211014-pglzzshee4    10

14-10-2021 12:11    211014-pczehshed5    10

14-10-2021 08:35    211014-kg9ntsgfcm    10

General

  • Target

    b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866

  • Size

    412KB

  • Sample

    211014-pk2vlshee8

  • MD5

    d2ce8c98663fdb708eebe135d0698e2f

  • SHA1

    226acd6a8c0b85d97d3a857ff97609bf78111c20

  • SHA256

    b9a239b2a4529fb7b9af59f566a023370b0a7731eaed40c971da4ab63e53b866

  • SHA512

    6ce3ee9aa0b2036f48cca0e1a85decbe338bf3a37790842f8a6665e1d3fa79d1b9e7e93857dbd6eaa4e2f6c27868cd7bebff0cce3f1f897881d921ca6a7d4f42

Malware Config

Targets

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Tries to connect to .bazar domain

      Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

MITRE ATT&CK Matrix

Tasks