bazarloader | 7000ec866763706f0244525b0951606dd9a18f3acfb338b13cc8b4ef437a814f | Triage

Submit
Reports

Overview

overview

Static

static

myLadyYou.hta

windows7_x64

myLadyYou.hta

windows10_x64

Sharing

General

Target

myLadyYou.hta
Size

3KB
Sample

211022-3tphjaceg2
MD5

c61438c62ed2365acf96666d60693f7f
SHA1

fb6a583b20018529b1a582aefed72610ebee0e15
SHA256

7000ec866763706f0244525b0951606dd9a18f3acfb338b13cc8b4ef437a814f
SHA512

9d11669828022f409f68623a3a29343b11b78d3449b099439f23b1b00785209496776dbae5c7dd310af2306bfb673e9e118dd200a82a7146c51ff716ac694c0c

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

myLadyYou.hta

Resource

win7-en-20211014

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

myLadyYou.hta

Resource

win10-en-20211014

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  myLadyYou.hta
- Size
  
  3KB
- MD5
  
  c61438c62ed2365acf96666d60693f7f
- SHA1
  
  fb6a583b20018529b1a582aefed72610ebee0e15
- SHA256
  
  7000ec866763706f0244525b0951606dd9a18f3acfb338b13cc8b4ef437a814f
- SHA512
  
  9d11669828022f409f68623a3a29343b11b78d3449b099439f23b1b00785209496776dbae5c7dd310af2306bfb673e9e118dd200a82a7146c51ff716ac694c0c
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy