bazarloader | 1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

Castle of ...-1.exe

windows10-2004-x64

Resubmissions

04-09-2023 00:33

230904-awfdesdb38 8

03-09-2023 23:32

230903-3jc2rada36 8

03-09-2023 22:36

230903-2jhrkace5s 8

27-07-2023 15:08

230727-sh76dsgc6t 10

27-07-2023 15:03

230727-se9vtaff33 8

27-07-2023 14:59

230727-sc3zgsfe94 8

Sharing

General

Target

Castle of Temptation_6hiiU-1.exe
Size

13.8MB
Sample

230727-sh76dsgc6t
MD5

98f37b09dadc616079b92a6c5afdd066
SHA1

b55932b9c10046cfccde0210d5da29f3e5b2afb9
SHA256

1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
SHA512

6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
SSDEEP

196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU

Score

10^/10

bazarloader discovery dropper evasion loader

Static task

static1

Behavioral task

behavioral1

Sample

Castle of Temptation_6hiiU-1.exe

Resource

win10v2004-20230703-en

bazarloader discovery dropper evasion loader

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Castle of Temptation_6hiiU-1.exe
- Size
  
  13.8MB
- MD5
  
  98f37b09dadc616079b92a6c5afdd066
- SHA1
  
  b55932b9c10046cfccde0210d5da29f3e5b2afb9
- SHA256
  
  1f4f7b787ee329059e4de4487ba5c17c7c6ca3be95b72c9873fc9380632fa1f9
- SHA512
  
  6e45a6fe9d35350be799fa95d7aa12a960695d94dd99ff581c17685b94c1e8b4ba618dc5d3932a7e0ce63c676471caeb6bc2ee40e1c644ae7848bf0db286a26f
- SSDEEP
  
  196608:0j6kU9NYlObEk0Lp2dd/kZzkmxgy9NSW7I7GIXSpINbhiTGIwTh3kC3uDEN9TrSh:mLSN30LpEiSCC9XSpIFwah3RuINhkUU
Score

10^/10

bazarloader discovery dropper evasion loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Modifies Windows Firewall
  evasion
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bazarloaderdiscoverydropperevasionloader

© 2018-2024

Terms | Privacy