bazarloader | c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16 | Triage

Sharing

General

Target

c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16
Size

245KB
Sample

220521-eszecacger
MD5

44bcd26f9a5bdffaec1458ae3ac05e5d
SHA1

5f2ac141932304ca6fd4252d19b54b7ac0769252
SHA256

c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16
SHA512

a6dade5b186371af34db8fce5d278895b4cf3f10f7fe0617ab01315cb67efeca2d20425c24689078ff7e1aefd63a3f11b24ca39ea89d928c1e3bd6f34dc4e115

Score

10^/10

bazarloader dropper loader

Malware Config

Targets

- Target
  
  c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16
- Size
  
  245KB
- MD5
  
  44bcd26f9a5bdffaec1458ae3ac05e5d
- SHA1
  
  5f2ac141932304ca6fd4252d19b54b7ac0769252
- SHA256
  
  c45e01b4a06640be506fafb3ea3daaa648f2f728e152b1896ba920a902c90d16
- SHA512
  
  a6dade5b186371af34db8fce5d278895b4cf3f10f7fe0617ab01315cb67efeca2d20425c24689078ff7e1aefd63a3f11b24ca39ea89d928c1e3bd6f34dc4e115
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Executes dropped EXE
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2