bazarloader | c924d04db0dc4f4591c149b5ce9ea06f9bcc0628c9294b84cad522456f1c4cdd | Triage

Submit
Reports

Overview

overview

Static

static

core3_1.dll

windows7-x64

8

core3_1.dll

windows10-2004-x64

Sharing

General

Target

core3_1.bin
Size

214KB
Sample

220718-gsqtbabagl
MD5

6a94e3723ca817d1af955d2ed03062bc
SHA1

0f3fbe7fbb072f30cad64e825811a9f5f323f3bc
SHA256

c924d04db0dc4f4591c149b5ce9ea06f9bcc0628c9294b84cad522456f1c4cdd
SHA512

87ddc3615491d99350c14b0c8214d1d7c200072ae8f74ab9af3cc0128fd78017b4c5d053b06b4bb2f6f05e1bb1afba662e0ccd673b910f5979ae3893dff4b658

Score

10^/10

bazarloader dropper loader

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

core3_1.dll

Resource

win7-20220715-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

core3_1.dll

Resource

win10v2004-20220414-en

bazarloader dropper loader

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  core3_1.bin
- Size
  
  214KB
- MD5
  
  6a94e3723ca817d1af955d2ed03062bc
- SHA1
  
  0f3fbe7fbb072f30cad64e825811a9f5f323f3bc
- SHA256
  
  c924d04db0dc4f4591c149b5ce9ea06f9bcc0628c9294b84cad522456f1c4cdd
- SHA512
  
  87ddc3615491d99350c14b0c8214d1d7c200072ae8f74ab9af3cc0128fd78017b4c5d053b06b4bb2f6f05e1bb1afba662e0ccd673b910f5979ae3893dff4b658
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy