bazarloader | 61043e6e6785a73aa964622059e9914aa1305ae8a3bbbf061201c769e139fefa | Triage

Submit
Reports

Overview

overview

Static

static

3

0326acfc51...cc.dll

windows7-x64

0326acfc51...cc.dll

windows10-2004-x64

Sharing

General

Target

0326acfc5189de754bfc75d2d49114cc
Size

429KB
Sample

231225-d2ewmabfh5
MD5

0326acfc5189de754bfc75d2d49114cc
SHA1

71120c623bffc633ea11eecb36b55ca03ef7f167
SHA256

61043e6e6785a73aa964622059e9914aa1305ae8a3bbbf061201c769e139fefa
SHA512

706c4f4a6d894e1b6ffe90859201a7dddfd8fbbdcd99f2dffb2436b42590fd9a68afd402b5d50441e92607708a76a9dba1a92186619655996e9979e5f282db27
SSDEEP

12288:dCQXHfmzl5O43PLKOWVaLuox94QsbcG0CZgl:lOrO2PLKlVFox94QswTCel

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0326acfc5189de754bfc75d2d49114cc.dll

Resource

win7-20231215-en

bazarloader dropper loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

0326acfc5189de754bfc75d2d49114cc.dll

Resource

win10v2004-20231215-en

bazarloader dropper loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  0326acfc5189de754bfc75d2d49114cc
- Size
  
  429KB
- MD5
  
  0326acfc5189de754bfc75d2d49114cc
- SHA1
  
  71120c623bffc633ea11eecb36b55ca03ef7f167
- SHA256
  
  61043e6e6785a73aa964622059e9914aa1305ae8a3bbbf061201c769e139fefa
- SHA512
  
  706c4f4a6d894e1b6ffe90859201a7dddfd8fbbdcd99f2dffb2436b42590fd9a68afd402b5d50441e92607708a76a9dba1a92186619655996e9979e5f282db27
- SSDEEP
  
  12288:dCQXHfmzl5O43PLKOWVaLuox94QsbcG0CZgl:lOrO2PLKlVFox94QswTCel
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy