bazarloader | 6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e | Triage

Submit
Reports

Overview

overview

Static

static

6a35b2f502...5e.exe

windows7_x64

6a35b2f502...5e.exe

windows10-2004_x64

Sharing

General

Target

6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e
Size

603KB
Sample

220329-agqkvadbal
MD5

9a8c7ae7424367b8c24d5d70b9c1c867
SHA1

bc058fd1fc2cdc2522f2f17f980b2201951cb4ec
SHA256

6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e
SHA512

3235fd9ad888fbe95ddf6da8d75f0713e1a93b442027abc9f6d83ab9314e7981e699a3e5502568b26e9b403996fa63cee96ab360a1f5a770c1b1f495e5389deb

Score

10^/10

bazarloader dropper loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e.exe

Resource

win7-20220310-en

bazarloader dropper loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e.exe

Resource

win10v2004-en-20220113

bazarloader dropper loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e
- Size
  
  603KB
- MD5
  
  9a8c7ae7424367b8c24d5d70b9c1c867
- SHA1
  
  bc058fd1fc2cdc2522f2f17f980b2201951cb4ec
- SHA256
  
  6a35b2f502b3479b94ae120b537f36ba6a659d323d19869a690fe78aac2e275e
- SHA512
  
  3235fd9ad888fbe95ddf6da8d75f0713e1a93b442027abc9f6d83ab9314e7981e699a3e5502568b26e9b403996fa63cee96ab360a1f5a770c1b1f495e5389deb
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloaderpersistence

behavioral2

bazarloaderdropperloaderpersistence

© 2018-2024

Terms | Privacy