bazarloader | f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37 | Triage

Submit
Reports

Overview

overview

Static

static

f138e7c58f...37.exe

windows7_x64

f138e7c58f...37.exe

windows10-2004_x64

Sharing

General

Target

f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37
Size

76KB
Sample

220508-s7krdsebgp
MD5

5e13bc98285bd873d1053bbcee71f3f6
SHA1

1d3b3a616ceaeed0554ccbd99d9addca97592ab3
SHA256

f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37
SHA512

d9a12c762b053340d1dde88363694d80318c2d2f00492dcc7f0dd0fcee3a54c9324bae02fd282d6914dffcfb9a8aa40d2f0584af2eeaf4252f1e0ead460be04a

Score

10^/10

bazarloader dropper loader persistence

Static task

static1

Behavioral task

behavioral1

Sample

f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37.exe

Resource

win7-20220414-en

bazarloader dropper loader persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37.exe

Resource

win10v2004-20220414-en

bazarloader dropper loader persistence

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37
- Size
  
  76KB
- MD5
  
  5e13bc98285bd873d1053bbcee71f3f6
- SHA1
  
  1d3b3a616ceaeed0554ccbd99d9addca97592ab3
- SHA256
  
  f138e7c58f0c5fe76fafc30584c4b37a53961be93aa1e1fb611a9ee416eb6a37
- SHA512
  
  d9a12c762b053340d1dde88363694d80318c2d2f00492dcc7f0dd0fcee3a54c9324bae02fd282d6914dffcfb9a8aa40d2f0584af2eeaf4252f1e0ead460be04a
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloaderpersistence

behavioral2

bazarloaderdropperloaderpersistence

© 2018-2024

Terms | Privacy