bazarloader | 2a46ff6e614f60b3166614e9f7f94d0b001cda9b8a2b296e917b0b6aa54dba12 | Triage

Submit
Reports

Overview

overview

Static

static

8

question.010.21.doc

windows7_x64

question.010.21.doc

windows10_x64

Sharing

General

Target

question.010.21.doc
Size

34KB
Sample

211021-q6rgfabcck
MD5

7a87ef713680cc71ba38945b305a9579
SHA1

08f858b709bea8c5e16bdd026338f02cb7605c88
SHA256

2a46ff6e614f60b3166614e9f7f94d0b001cda9b8a2b296e917b0b6aa54dba12
SHA512

91473bf2ea429e17198ec0dad53cd8323e4d9b520cf63a57857e45fef7edad823b29a648fcd4f166460a6b1bd43ccbcfe9c2c677d1c97d1885a6108c92cdaba0

Score

10^/10

bazarloader dropper loader macro suricata

Static task

static1

Behavioral task

behavioral1

Sample

question.010.21.doc

Resource

win7-en-20210920

bazarloader dropper loader suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

question.010.21.doc

Resource

win10-en-20211014

bazarloader dropper loader suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  question.010.21.doc
- Size
  
  34KB
- MD5
  
  7a87ef713680cc71ba38945b305a9579
- SHA1
  
  08f858b709bea8c5e16bdd026338f02cb7605c88
- SHA256
  
  2a46ff6e614f60b3166614e9f7f94d0b001cda9b8a2b296e917b0b6aa54dba12
- SHA512
  
  91473bf2ea429e17198ec0dad53cd8323e4d9b520cf63a57857e45fef7edad823b29a648fcd4f166460a6b1bd43ccbcfe9c2c677d1c97d1885a6108c92cdaba0
Score

10^/10

bazarloader dropper loader suricata
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Suspicious use of NtCreateUserProcessOtherParentProcess
- suricata: ET MALWARE BazaLoader Activity (GET)
  suricata: ET MALWARE BazaLoader Activity (GET)
  suricata
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloadersuricata

behavioral2

bazarloaderdropperloadersuricata

© 2018-2024

Terms | Privacy