bazarloader | f2ec7fa4c5ae273d6d7181c0c9df225eb8ce8e0e85577b236c7b335c093f2e71 | Triage

Submit
Reports

Overview

overview

Static

static

1

qbittorren...up.exe

windows7-x64

7

qbittorren...up.exe

windows10-2004-x64

Sharing

General

Target

qbittorrent_4.5.2_x64_setup.exe
Size

31.3MB
Sample

230406-p86tgadb57
MD5

c9cd92842c3fe0cbb53e320d46eb71cf
SHA1

1bbbf8fc8b6ac9dc40ffb01b0d521c1b81174216
SHA256

f2ec7fa4c5ae273d6d7181c0c9df225eb8ce8e0e85577b236c7b335c093f2e71
SHA512

fb7f4c71c50b7ff77c8ddc41c6c4d944d8138b0d9b7e948ef16815e4f76a26b9e8f28610866fc9455ffcf04d2e38ceddf15020526730a8154694f2ac501b7138
SSDEEP

786432:rFUPR+I5pNSnPbDAMzkWeumVDg9ptSF+40S5cCPJ2SAqKEUHwg:rFS+2pNcbUMoTumxXBqCPFAq3GF

Score

10^/10

bazarloader discovery dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

qbittorrent_4.5.2_x64_setup.exe

Resource

win7-20230220-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

qbittorrent_4.5.2_x64_setup.exe

Resource

win10v2004-20230220-en

bazarloader discovery dropper loader

windows10-2004-x64

20 signatures

150 seconds

Malware Config

Targets

- Target
  
  qbittorrent_4.5.2_x64_setup.exe
- Size
  
  31.3MB
- MD5
  
  c9cd92842c3fe0cbb53e320d46eb71cf
- SHA1
  
  1bbbf8fc8b6ac9dc40ffb01b0d521c1b81174216
- SHA256
  
  f2ec7fa4c5ae273d6d7181c0c9df225eb8ce8e0e85577b236c7b335c093f2e71
- SHA512
  
  fb7f4c71c50b7ff77c8ddc41c6c4d944d8138b0d9b7e948ef16815e4f76a26b9e8f28610866fc9455ffcf04d2e38ceddf15020526730a8154694f2ac501b7138
- SSDEEP
  
  786432:rFUPR+I5pNSnPbDAMzkWeumVDg9ptSF+40S5cCPJ2SAqKEUHwg:rFS+2pNcbUMoTumxXBqCPFAq3GF
Score

10^/10

bazarloader discovery dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

bazarloaderdiscoverydropperloader

© 2018-2024

Terms | Privacy