bazarloader | b51cb6fa584a073fe95bcf8749cf84363cb431f520a5d97cec92aae88329b7cb | Triage

Sharing

General

Target

fileman.pdf
Size

213KB
Sample

220411-dmebjsgcfj
MD5

6f3be0dfe6b5971b16464b7924772445
SHA1

8af5e975c00f5bdbd843f644a60adbb5f8da8a0d
SHA256

b51cb6fa584a073fe95bcf8749cf84363cb431f520a5d97cec92aae88329b7cb
SHA512

a1a8d49ec7610c37284a2e9f7409f1f93343c7d9c676985b9a3759388835880e7e376451e89294654cb4fc0f6c6386876896da50347c8bc4a98b80b1825cd5ef

Score

10^/10

bazarloader dropper loader

Malware Config

Extracted

Family

bazarloader

C2

148.163.42.213

5.255.102.10

188.127.235.177

23.160.193.221

reddew28c.bazar

bluehail.bazar

whitestorm9p.bazar

Targets

- Target
  
  fileman.pdf
- Size
  
  213KB
- MD5
  
  6f3be0dfe6b5971b16464b7924772445
- SHA1
  
  8af5e975c00f5bdbd843f644a60adbb5f8da8a0d
- SHA256
  
  b51cb6fa584a073fe95bcf8749cf84363cb431f520a5d97cec92aae88329b7cb
- SHA512
  
  a1a8d49ec7610c37284a2e9f7409f1f93343c7d9c676985b9a3759388835880e7e376451e89294654cb4fc0f6c6386876896da50347c8bc4a98b80b1825cd5ef
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader