bazarloader | 28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3

General

Target

28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3.exe
Size

5.7MB
MD5

ba54c9285faa654d9071fa8d2b3a0a84
SHA1

cdb4676ba2cf3cc21c3d7db315552756b4966b45
SHA256

28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3
SHA512

1e726e61fd552e8970c0cc66e13d519fdadb9b6becfdd67788cd131ec0172a174a67e9d9c43aad9f5563684a68b74d1f30aee69869abb6d95ae8a68d10b0ae6d

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 3 IoCs

Processes:

resource	yara_rule
behavioral1/memory/964-54-0x00000000008F0000-0x0000000000909000-memory.dmp	BazarLoaderVar1
behavioral1/memory/964-58-0x0000000180000000-0x0000000180017000-memory.dmp	BazarLoaderVar1
behavioral1/memory/964-62-0x00000000008D0000-0x00000000008E6000-memory.dmp	BazarLoaderVar1

Unexpected DNS network traffic destination 64 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description	ioc
Destination IP	147.135.185.78
Destination IP	142.4.205.47
Destination IP	158.69.239.167
Destination IP	193.183.98.66
Destination IP	162.248.241.94
Destination IP	142.4.205.47
Destination IP	82.141.39.32
Destination IP	159.89.249.249
Destination IP	163.53.248.170
Destination IP	163.53.248.170
Destination IP	104.37.195.178
Destination IP	192.99.85.244
Destination IP	130.255.78.223
Destination IP	185.164.136.225
Destination IP	169.239.202.202
Destination IP	111.67.20.8
Destination IP	66.70.211.246
Destination IP	91.217.137.37
Destination IP	51.255.48.78
Destination IP	104.238.186.189
Destination IP	178.17.170.179
Destination IP	89.18.27.167
Destination IP	96.47.228.108
Destination IP	142.4.204.111
Destination IP	159.89.249.249
Destination IP	185.208.208.141
Destination IP	51.255.48.78
Destination IP	163.172.185.51
Destination IP	139.99.96.146
Destination IP	45.32.160.206
Destination IP	158.69.239.167
Destination IP	193.183.98.66
Destination IP	81.2.241.148
Destination IP	139.99.96.146
Destination IP	212.24.98.54
Destination IP	185.117.154.144
Destination IP	192.99.85.244
Destination IP	198.251.90.143
Destination IP	92.222.97.145
Destination IP	162.248.241.94
Destination IP	178.17.170.179
Destination IP	89.18.27.167
Destination IP	91.217.137.37
Destination IP	45.32.160.206
Destination IP	193.183.98.66
Destination IP	5.135.183.146
Destination IP	94.177.171.127
Destination IP	217.12.210.54
Destination IP	5.135.183.146
Destination IP	51.255.211.146
Destination IP	5.45.97.127
Destination IP	139.59.23.241
Destination IP	192.52.166.110
Destination IP	185.121.177.177
Destination IP	5.132.191.104
Destination IP	45.63.124.65
Destination IP	104.37.195.178
Destination IP	111.67.20.8
Destination IP	158.69.239.167
Destination IP	91.217.137.37
Destination IP	51.254.25.115
Destination IP	104.37.195.178
Destination IP	188.165.200.156
Destination IP	128.52.130.209

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3.exe

pid process

964 28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3.exe

pid	process
964	28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3.exe

C:\Users\Admin\AppData\Local\Temp\28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3.exe
"C:\Users\Admin\AppData\Local\Temp\28b313f8a09e2512039b0e5bbfb67af2aee9b461bac9e0a455dbd409b7b621e3.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:964

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/964-54-0x00000000008F0000-0x0000000000909000-memory.dmp

Filesize
100KB

Download
memory/964-58-0x0000000180000000-0x0000000180017000-memory.dmp

Filesize
92KB

Download
memory/964-62-0x00000000008D0000-0x00000000008E6000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing