bazarloader | 5ceb28316f29c3912332065eeaaebf59f10d79cd9388ef2a7802b9bb80d797be | Triage

Sharing

General

Target

malware.iso
Size

270KB
Sample

220323-sarhnsccfj
MD5

8331d179757bc08eca2916237fd66ef1
SHA1

057077d1f32a756492dfe18baff53ca6dd31a378
SHA256

5ceb28316f29c3912332065eeaaebf59f10d79cd9388ef2a7802b9bb80d797be
SHA512

fb48821ee4ab6687d952122d3f3659f4fa8c53dd67ac565ce72bd0228913b55c454d21e3e33a7e1390a48889a47e712cf889189400b6e8c38b9de74e858ee1f6

Score

10^/10

bazarloader dropper loader

Malware Config

Targets

- Target
  
  Attachments.lnk
- Size
  
  1KB
- MD5
  
  e87e52db1aa360baf8444c5524dd2b26
- SHA1
  
  b89d0c4568c74f03ec3e1917c22a83c37409b10a
- SHA256
  
  6497223d35530f2e510382aa1866b83ffaf215213b8080b7ecb299b6e7e3e6b1
- SHA512
  
  e93d7808c29ec45569382ee5bd2f50a41c0cf1c1d2cbb909d5aec2abf166f0ad87b672eaa4a1c00b28eb31faf55f1a254d8ab842bcb4d22dd750b26926e7c64a
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  DumpStack.log
- Size
  
  216KB
- MD5
  
  85326ee9659fc5bf82c6d71b74f02684
- SHA1
  
  f2bd6c53e806861256285bb1c0d51312a10267a8
- SHA256
  
  ca3c7c4b570751c0dbf9063a23035967dfca4a2c7a8ce6bb2997439257ac6f10
- SHA512
  
  43b621dc4169a370241423c3775a1ac9ea83fb4df73111cb396b149f79a9d51122c5f3f8f1158482feefe62d45af741d04540e4578f84e613f0a5c668d41cf0b
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

behavioral3

behavioral4