bazarloader | 510a27e3550669e6eea0d1fb8520b75416ec3595d5208e1c505d60e36af7477d | Triage

Submit
Reports

Overview

overview

Static

static

peju4.dll

windows7_x64

peju4.dll

windows10_x64

Sharing

General

Target

peju4
Size

840KB
Sample

211022-twb6jscgcm
MD5

c86d7d276cc517c34ff430b49551a91c
SHA1

5338ba42e2251f579aa31e0e5ce4dd98ba476f68
SHA256

510a27e3550669e6eea0d1fb8520b75416ec3595d5208e1c505d60e36af7477d
SHA512

1097e57b42e32466e8d8b3d182d4643a9c92edbe0f741e051a9381e3b1e97317577f3c9e4ce0223f4542895f5b9ca358196fe0b817fd01ee46dbfb748fce8f4d

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

peju4.dll

Resource

win7-en-20210920

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

peju4.dll

Resource

win10-en-20211014

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  peju4
- Size
  
  840KB
- MD5
  
  c86d7d276cc517c34ff430b49551a91c
- SHA1
  
  5338ba42e2251f579aa31e0e5ce4dd98ba476f68
- SHA256
  
  510a27e3550669e6eea0d1fb8520b75416ec3595d5208e1c505d60e36af7477d
- SHA512
  
  1097e57b42e32466e8d8b3d182d4643a9c92edbe0f741e051a9381e3b1e97317577f3c9e4ce0223f4542895f5b9ca358196fe0b817fd01ee46dbfb748fce8f4d
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy