bazarloader | ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052 | Triage

Submit
Reports

Overview

overview

Static

static

ce5ee2fd8a...52.dll

windows7-x64

ce5ee2fd8a...52.dll

windows10-2004-x64

Sharing

General

Target

ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
Size

611KB
Sample

220804-zvwfpabhhr
MD5

df96269b0242bdb6a06621696f5d31cb
SHA1

db4ececac3eb4d38c632a6f83f42666bce0070ae
SHA256

ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
SHA512

e3b17f0640be0fc109d6247bae58711583f42152bb29f887e9f5ca456518f70d687d793278f19fde24419ff34ff5888ead43bc00a0bddbb6994f36d19f956f83

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052.dll

Resource

win7-20220715-en

bazarloader dropper loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052.dll

Resource

win10v2004-20220721-en

bazarloader dropper loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
- Size
  
  611KB
- MD5
  
  df96269b0242bdb6a06621696f5d31cb
- SHA1
  
  db4ececac3eb4d38c632a6f83f42666bce0070ae
- SHA256
  
  ce5ee2fd8aa4acda24baf6221b5de66220172da0eb312705936adc5b164cc052
- SHA512
  
  e3b17f0640be0fc109d6247bae58711583f42152bb29f887e9f5ca456518f70d687d793278f19fde24419ff34ff5888ead43bc00a0bddbb6994f36d19f956f83
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy