bazarloader | 4e4c7f6c2c9c7b4d73b73b38132dc9972c7d1492d628fe5d4ffb9b105ac84799 | Triage

Submit
Reports

Overview

overview

Static

static

3

3883bba6d3...e5.dll

windows7-x64

3883bba6d3...e5.dll

windows10-2004-x64

Sharing

General

Target

3883bba6d366e73e63226f1e842b44e5
Size

429KB
Sample

231231-q16deaeghp
MD5

3883bba6d366e73e63226f1e842b44e5
SHA1

869e3dafe24ed7e764d489dd38048fee4ad91090
SHA256

4e4c7f6c2c9c7b4d73b73b38132dc9972c7d1492d628fe5d4ffb9b105ac84799
SHA512

f51f0bb734d389bbf3868ac5208cb582795977a961ad6b021dd11933090eafa1f47d0cb9e4b862859f4c2fd7772806bdf336aaebc95d49286f17b33db37c3423
SSDEEP

12288:dCQXHfmzl5O43PLKOWVaLuox94QsbcG0CZgL:lOrO2PLKlVFox94QswTCeL

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3883bba6d366e73e63226f1e842b44e5.dll

Resource

win7-20231215-en

bazarloader dropper loader

windows7-x64

5 signatures

150 seconds

Behavioral task

behavioral2

Sample

3883bba6d366e73e63226f1e842b44e5.dll

Resource

win10v2004-20231222-en

bazarloader dropper loader

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  3883bba6d366e73e63226f1e842b44e5
- Size
  
  429KB
- MD5
  
  3883bba6d366e73e63226f1e842b44e5
- SHA1
  
  869e3dafe24ed7e764d489dd38048fee4ad91090
- SHA256
  
  4e4c7f6c2c9c7b4d73b73b38132dc9972c7d1492d628fe5d4ffb9b105ac84799
- SHA512
  
  f51f0bb734d389bbf3868ac5208cb582795977a961ad6b021dd11933090eafa1f47d0cb9e4b862859f4c2fd7772806bdf336aaebc95d49286f17b33db37c3423
- SSDEEP
  
  12288:dCQXHfmzl5O43PLKOWVaLuox94QsbcG0CZgL:lOrO2PLKlVFox94QswTCeL
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy