bazarloader | e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4 | Triage

Sharing

General

Target

e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4
Size

288KB
Sample

221026-1tmmtshcf3
MD5

fdffbfa1380ab1a0ee2e26ff1be432b1
SHA1

5a004286c5b97afd97beec4b1332777c494d6ff1
SHA256

e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4
SHA512

36f8b7fafff7a8c23802358de537efe3a3de76d89db212c62ee9ce502c64cad7817c185e1cea8487214745e636c285476a0819f90fa397a29a25f56f3dbc59d9
SSDEEP

6144:5nHYYpyAFUkAVcUtJ9YR7qZmeN9CGSiVMryu1Y5IDfsz:RxpyoUz1Gdom7GSuMrdk

Score

10^/10

bazarloader dropper loader

Malware Config

Targets

- Target
  
  e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4
- Size
  
  288KB
- MD5
  
  fdffbfa1380ab1a0ee2e26ff1be432b1
- SHA1
  
  5a004286c5b97afd97beec4b1332777c494d6ff1
- SHA256
  
  e77e27630277a31276539c379671f54095d6b735f0568a3c457ac6a189c4c5b4
- SHA512
  
  36f8b7fafff7a8c23802358de537efe3a3de76d89db212c62ee9ce502c64cad7817c185e1cea8487214745e636c285476a0819f90fa397a29a25f56f3dbc59d9
- SSDEEP
  
  6144:5nHYYpyAFUkAVcUtJ9YR7qZmeN9CGSiVMryu1Y5IDfsz:RxpyoUz1Gdom7GSuMrdk
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader