bazarloader | 5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49 | Triage

Submit
Reports

Overview

overview

Static

static

5e169256d9...49.exe

windows7_x64

5e169256d9...49.exe

windows10-2004_x64

Sharing

General

Target

5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49
Size

312KB
Sample

220319-3kzl5scbfm
MD5

2044ffa237db8f249d7d4d29c56e7d21
SHA1

6d94758409cdba8b564fb42377397f90b1ebb0c7
SHA256

5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49
SHA512

bfb0bc83dab159c75677b13ec5a4e3fba57cc9f70cd5b712d888b7ce57f132b899d87e0e3c88eaa5c143c82a69b5fcb8b45f4c4b99a23f98e321f32b780563df

Score

10^/10

bazarloader dropper loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49.exe

Resource

win7-20220311-en

bazarloader dropper loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49.exe

Resource

win10v2004-en-20220113

bazarloader dropper loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

bazarloader

C2

54.193.186.118

13.57.15.8

Targets

- Target
  
  5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49
- Size
  
  312KB
- MD5
  
  2044ffa237db8f249d7d4d29c56e7d21
- SHA1
  
  6d94758409cdba8b564fb42377397f90b1ebb0c7
- SHA256
  
  5e169256d9b7ff85c9b2e2489945cb9deb66f44fecad16a7bfb36d3b31c2ab49
- SHA512
  
  bfb0bc83dab159c75677b13ec5a4e3fba57cc9f70cd5b712d888b7ce57f132b899d87e0e3c88eaa5c143c82a69b5fcb8b45f4c4b99a23f98e321f32b780563df
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloaderpersistence

behavioral2

bazarloaderdropperloaderpersistence

© 2018-2024

Terms | Privacy