bazarloader | fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68 | Triage

Analysis

max time kernel
187s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
08-05-2022 22:43

Sharing

Report Analysis Logs

General

Target

fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68.exe
Size

250KB
MD5

b8dd3183755b57f5e18f29a0430b481e
SHA1

42485407433474d4fd2b6880eef4b49fa6c277d9
SHA256

fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68
SHA512

8362fa5a3c3563b470ba06b49cfb662b7e114d77481bf656af3a1e71666ef26ad8d758776f075fe9c0634456f5c0b4a360016a75a3967b766cde8ab0449f5d31

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader
Tries to connect to .bazar domain 1 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

description flow ioc

HTTP URL 43 https://62.108.35.194/api/v97

C:\Users\Admin\AppData\Local\Temp\fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68.exe
"C:\Users\Admin\AppData\Local\Temp\fd47e20c094a1e23079eee41440b971162c1df668315b5e882c12805b9ec0c68.exe"
1⤵
PID:624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/624-130-0x00000000004D0000-0x00000000004FD000-memory.dmp

Filesize
180KB

Download
memory/624-134-0x0000000000500000-0x000000000052C000-memory.dmp

Filesize
176KB

Download
memory/624-140-0x00000000001C0000-0x00000000001EB000-memory.dmp

Filesize
172KB

Download