bazarloader | 5e1f7246b57c5a54c246d40ba8adcdd2fdff29b8760c7dc7ca5893b4764e6949 | Triage

Submit
Reports

Overview

overview

Static

static

3

a989a70066...97.dll

windows7-x64

a989a70066...97.dll

windows10-2004-x64

Sharing

General

Target

a989a70066d734762a1ec5255604c197
Size

1.2MB
Sample

240227-s7rjyada37
MD5

a989a70066d734762a1ec5255604c197
SHA1

537b6577c8d58982a1ce4f21a799bb44b0f0019d
SHA256

5e1f7246b57c5a54c246d40ba8adcdd2fdff29b8760c7dc7ca5893b4764e6949
SHA512

f10b99e2082f2f1959af48a95fda7094c5d13ac5e71bc8701c9242d92cf4f37b8a03117ac5ccbb1c0f68f27be3fb1c9715f4ab42882a3662a0c136554cfc9d90
SSDEEP

12288:6yWeahQ/LWnzkXz5HYrniajhuSlHJzJBlPXXo/6aNdCaBSPZC1XZV72Bf:HWeaZzqY7dhBjz/lfo/FIyXv72Bf

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a989a70066d734762a1ec5255604c197.dll

Resource

win7-20240221-en

bazarloader dropper loader

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

a989a70066d734762a1ec5255604c197.dll

Resource

win10v2004-20240226-en

bazarloader dropper loader

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  a989a70066d734762a1ec5255604c197
- Size
  
  1.2MB
- MD5
  
  a989a70066d734762a1ec5255604c197
- SHA1
  
  537b6577c8d58982a1ce4f21a799bb44b0f0019d
- SHA256
  
  5e1f7246b57c5a54c246d40ba8adcdd2fdff29b8760c7dc7ca5893b4764e6949
- SHA512
  
  f10b99e2082f2f1959af48a95fda7094c5d13ac5e71bc8701c9242d92cf4f37b8a03117ac5ccbb1c0f68f27be3fb1c9715f4ab42882a3662a0c136554cfc9d90
- SSDEEP
  
  12288:6yWeahQ/LWnzkXz5HYrniajhuSlHJzJBlPXXo/6aNdCaBSPZC1XZV72Bf:HWeaZzqY7dhBjz/lfo/FIyXv72Bf
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy