Overview

overview

10

Static

static

Documents.lnk

windows7_x64

10

Documents.lnk

windows10_x64

10

SharedFiles.dll

windows7_x64

SharedFiles.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    new-documents-2017.iso

  • Size

    654KB

  • Sample

    211026-gs97ysghd4

  • MD5

    3edbbc1c83b1445ebb3b1175a842995d

  • SHA1

    6c1a08a02702539d7f39b77893ad3d101c5da4d5

  • SHA256

    c2873cb1d6682cfef6594a70ea3ff63597f3e99333d85a546b712a07170d5c7e

  • SHA512

    e34cced88a2b8b201e6f833d93a6e8b4991634aafa5e58acc7da66d961d90be848cf8f9a51e4a386c0cafc0c63d4dcd30b2f96205244551d7531accd7ca06760

Score
10/10
bazarloaderdropperloader

Malware Config

Targets

    • Target

      Documents.lnk

    • Size

      1KB

    • MD5

      4d8af5ba95aa23f7162b7bbf8622d801

    • SHA1

      d5b8c1a219686be5b75e58c560609023b491d9aa

    • SHA256

      e87f9f378590b95de1b1ef2aaab84e1d00f210fd6aaf5025d815f33096c9d162

    • SHA512

      f64416dbce111afe375efe031b05ed5b5b5c00c956d3c419d733147e4f0e751a60f3a22c72c36d45841abf85013c9647c6dc040cdd3d56c9b8cc35bccfd60d2c

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    behavioral1behavioral2

    • Target

      SharedFiles.dll

    • Size

      601KB

    • MD5

      5dbc864102735edc9510f5c538bb2617

    • SHA1

      b4610f76e99b79186fc0cc35be3cec87eaf952b2

    • SHA256

      62dbb1b890b84038a9eac3622f145a791f8ae8d3ba02b2e609282bee0de76329

    • SHA512

      1f0ff313736dea4b0c279ea138e763c2b876190fa9d34b1e07b100c5db33f963bdb2634e23994866d91e9074f0cf4822541c3530663d7605bf2162ab425fe9c0

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks