bazarloader | bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18 | Triage

Submit
Reports

Overview

overview

Static

static

1

utorrent_i...er.exe

windows10-2004-x64

Sharing

General

Target

utorrent_installer.exe
Size

1.7MB
Sample

230906-vpkd1saa5t
MD5

241ce365f228ee5f74d81b3fea14e09a
SHA1

700b05506dd3eebb4b87ff545f6d2bb6af6a3ae3
SHA256

bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18
SHA512

bf3756fb2b037a10592498f08e6eb3bad8f50da4ff9e96703e646a69ea1481e6801023abb3b1aae923fb2c68bb21ae5bb50f8e675b57ff90504c8e7ee8f81593
SSDEEP

49152:9BuZrEUT97LZxMPrlDZFBmS06nIJOZobMP:LkLp/ZSr97Bmb6naO6bs

Score

10^/10

bazarloader discovery dropper evasion loader persistence upx

Static task

static1

Behavioral task

behavioral1

Sample

utorrent_installer.exe

Resource

win10v2004-20230831-en

bazarloader discovery dropper evasion loader persistence upx

windows10-2004-x64

27 signatures

1800 seconds

Malware Config

Targets

- Target
  
  utorrent_installer.exe
- Size
  
  1.7MB
- MD5
  
  241ce365f228ee5f74d81b3fea14e09a
- SHA1
  
  700b05506dd3eebb4b87ff545f6d2bb6af6a3ae3
- SHA256
  
  bf4ee47d0df1870104f4fada8a68c2fb29e94fea9284c7bb6a6b385a718d8a18
- SHA512
  
  bf3756fb2b037a10592498f08e6eb3bad8f50da4ff9e96703e646a69ea1481e6801023abb3b1aae923fb2c68bb21ae5bb50f8e675b57ff90504c8e7ee8f81593
- SSDEEP
  
  49152:9BuZrEUT97LZxMPrlDZFBmS06nIJOZobMP:LkLp/ZSr97Bmb6naO6bs
Score

10^/10

bazarloader discovery dropper evasion loader persistence upx
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Downloads MZ/PE file
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdiscoverydropperevasionloaderpersistenceupx

© 2018-2024

Terms | Privacy