bazarloader | a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266 | Triage

Submit
Reports

Overview

overview

Static

static

a0e3012469...66.exe

windows7_x64

a0e3012469...66.exe

windows10-2004_x64

Sharing

General

Target

a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266
Size

603KB
Sample

220329-af2lqaghh9
MD5

dac91ccf0929071e9db5b75be0f6a3a6
SHA1

466b804c1c95145f7a5d06cee956610c16951372
SHA256

a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266
SHA512

ac17c66d673306603d4d5c5bde77131e09fd754f4367006f85abf846303a03ac65d356ee6151afc1b696ba23d6d9446410760187ed236e01633590ac3753ea69

Score

10^/10

bazarloader dropper loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266.exe

Resource

win7-20220311-en

bazarloader dropper loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266.exe

Resource

win10v2004-20220310-en

bazarloader dropper loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266
- Size
  
  603KB
- MD5
  
  dac91ccf0929071e9db5b75be0f6a3a6
- SHA1
  
  466b804c1c95145f7a5d06cee956610c16951372
- SHA256
  
  a0e3012469e311703c367ab48c15193f9406aa4026e40ed46de966c1cbd4e266
- SHA512
  
  ac17c66d673306603d4d5c5bde77131e09fd754f4367006f85abf846303a03ac65d356ee6151afc1b696ba23d6d9446410760187ed236e01633590ac3753ea69
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloaderpersistence

behavioral2

bazarloaderdropperloaderpersistence

© 2018-2024

Terms | Privacy