bazarloader | 2bc93ff34de7019410fb251d7dcfeb731795e8375402eca5a526dbe1ffbb6f04 | Triage

Submit
Reports

Overview

overview

Static

static

3

52f7a51c10...76.dll

windows7-x64

52f7a51c10...76.dll

windows10-2004-x64

Sharing

General

Target

52f7a51c10ed1af473b8e49753b1a776
Size

338KB
Sample

231226-eqgrhsdae7
MD5

52f7a51c10ed1af473b8e49753b1a776
SHA1

3810802f7f9291f4c8a3a9c2b0adf2359b33cd92
SHA256

2bc93ff34de7019410fb251d7dcfeb731795e8375402eca5a526dbe1ffbb6f04
SHA512

63dda9738f7e178c70e5ab9974268c48453ba358be65e169594a77e36f82e5787914488c0c09967f43a39446ec5ec6fd4fe4ba1c4ec834c2c6d3f25c96bd268f
SSDEEP

6144:uZwKn8bxurvfUCEs7I4V2PsqHMc/PZ6RguROla0CWecIdn9TCwC6dT:zTbxuLfUCR2kQMgZ6W4OIePAT

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

52f7a51c10ed1af473b8e49753b1a776.dll

Resource

win7-20231215-en

bazarloader dropper loader

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

52f7a51c10ed1af473b8e49753b1a776.dll

Resource

win10v2004-20231215-en

bazarloader dropper loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  52f7a51c10ed1af473b8e49753b1a776
- Size
  
  338KB
- MD5
  
  52f7a51c10ed1af473b8e49753b1a776
- SHA1
  
  3810802f7f9291f4c8a3a9c2b0adf2359b33cd92
- SHA256
  
  2bc93ff34de7019410fb251d7dcfeb731795e8375402eca5a526dbe1ffbb6f04
- SHA512
  
  63dda9738f7e178c70e5ab9974268c48453ba358be65e169594a77e36f82e5787914488c0c09967f43a39446ec5ec6fd4fe4ba1c4ec834c2c6d3f25c96bd268f
- SSDEEP
  
  6144:uZwKn8bxurvfUCEs7I4V2PsqHMc/PZ6RguROla0CWecIdn9TCwC6dT:zTbxuLfUCR2kQMgZ6W4OIePAT
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy