Overview

overview

10

Static

static

Attachments.lnk

windows7_x64

10

Attachments.lnk

windows10-2004_x64

10

DumpStack.dll

windows7_x64

1

DumpStack.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    BazarLoader ISO.iso

  • Size

    270KB

  • Sample

    220321-kdmpwsaeb5

  • MD5

    b1bde76849fc4801a0369c7097600863

  • SHA1

    2050daf2e7882297afdd549b61d70d27e79fd836

  • SHA256

    9fdec91231fe3a709c8d4ec39e25ce8c55282167c561b14917b52701494ac269

  • SHA512

    4d855c7dcf6ce7d56dd976908e6a5d356ad04cad0df8280d74ce474c25e962142f0271408dc1a987951fe4679cbbc291b71f7d47b1b8f151d04970d74156a0b6

Score
10/10
bazarloaderdropperloader

Malware Config

Targets

    • Target

      Attachments.lnk

    • Size

      1KB

    • MD5

      e87e52db1aa360baf8444c5524dd2b26

    • SHA1

      b89d0c4568c74f03ec3e1917c22a83c37409b10a

    • SHA256

      6497223d35530f2e510382aa1866b83ffaf215213b8080b7ecb299b6e7e3e6b1

    • SHA512

      e93d7808c29ec45569382ee5bd2f50a41c0cf1c1d2cbb909d5aec2abf166f0ad87b672eaa4a1c00b28eb31faf55f1a254d8ab842bcb4d22dd750b26926e7c64a

    Score
    10/10
    bazarloaderdropperloader

    • Bazar Loader

      Detected loader normally used to deploy BazarBackdoor malware.

      loaderdropperbazarloader

    • Bazar/Team9 Loader payload

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

    • Target

      DumpStack.log

    • Size

      217KB

    • MD5

      f7047fdbd3cd218b55cf4e2d6b9fb4f0

    • SHA1

      a9c1e9a78934c9cfa2dbb6562ca8cdb9d67bbb05

    • SHA256

      4bc9368951402ceeeb84da58c82e02a4ea9e09f5a4425daf5094ea5d87a14e9a

    • SHA512

      950f4bde7f04a581496df019719074fa4516ce0bd7ace547a77bbb069467816b4c42236b6f23c4fd476ac74c907fa764861c9422c832c7910ed651b6445138f1

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks