bazarloader | c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165 | Triage

Analysis

max time kernel
148s
max time network
169s
platform
windows7_x64
resource
win7-20220414-en
submitted
08-05-2022 15:41

Sharing

Report Analysis Logs

General

Target

c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
Size

154KB
MD5

46c63a1a5969b2021fc95e425667da5f
SHA1

2847bdb673cec997bbad1e074f36e23da3c4f2a5
SHA256

c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165
SHA512

1a57b1f77d724ad3b812e6845ded4021fd70f93dd1987294b9f1430bdd80d3a632daa41912989e8783aef6eb46159175cbc98c7de4da3a86f9b61ca6e7b8d93d

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader
Tries to connect to .bazar domain 1 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

description flow ioc

HTTP URL 9 https://62.108.35.194/api/v153

C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe
"C:\Users\Admin\AppData\Local\Temp\c0d123fe19013e0f83ca596f0b584f79a90b5b389f512500eba56db382cea165.exe"
1⤵
PID:1796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1796-54-0x000007FEFBAA1000-0x000007FEFBAA3000-memory.dmp

Filesize
8KB

Download