bazarloader | 50561167909de0e777c5d81ef72d0981b996fe46df881ab34b9b106aabbe7560 | Triage

Submit
Reports

Overview

overview

Static

static

3

1.dll

windows7-x64

1.dll

windows10-2004-x64

Documents.lnk

windows7-x64

Documents.lnk

windows10-2004-x64

Sharing

General

Target

458228b460f972d7935723acad55f9ba_JaffaCakes118
Size

1.2MB
Sample

240330-12wkpsff8v
MD5

458228b460f972d7935723acad55f9ba
SHA1

4ab23bbfa840acba573f2e585bbed01257e2aae3
SHA256

50561167909de0e777c5d81ef72d0981b996fe46df881ab34b9b106aabbe7560
SHA512

8eb9f924df291ec08dac78153cbc476b8927fe05e41118ece23392d0dce593f4a270792b106fed30d186cb83f42e3a540c28289e14e6e492fc526438891f7bf6
SSDEEP

24576:aAm1pTsWeU8tV+VwKYs1tRS+7SPFL3EOGTWqG5QVEzAJ24GOy2ipi8z71aaDpZBG:aAmbTsWeU8tV+VwKYs1tRX7SPFL3EOGQ

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1.dll

Resource

win7-20240220-en

bazarloader dropper loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

1.dll

Resource

win10v2004-20231215-en

bazarloader dropper loader

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral3

Sample

Documents.lnk

Resource

win7-20240221-en

bazarloader dropper loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral4

Sample

Documents.lnk

Resource

win10v2004-20240226-en

bazarloader dropper loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  1.dll
- Size
  
  1.1MB
- MD5
  
  730ca73a23dd70b2edf3712e4d03db1c
- SHA1
  
  48d8ff863d43bde2614ae387841135d1b33e66da
- SHA256
  
  bf58ef24dd79c02522163be7d8e523cecb2be8daf30e98fd6673d583cbc9e74b
- SHA512
  
  454b6caad5539489cbbce8efd34a2ec03b6ce38490c6c3d05f18c8825c1d70e98b1efc5974ebf92213c292d782e55abad2e1ddd0130d0ad7d2c33336a1c98f8a
- SSDEEP
  
  24576:4Am1pTsWeU8tV+VwKYs1tRS+7SPFL3EOGTWqG5QVEzAJ24GOy2ipi8z71aaDpZBG:4AmbTsWeU8tV+VwKYs1tRX7SPFL3EOGQ
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2
- Target
  
  Documents.lnk
- Size
  
  1KB
- MD5
  
  db8f42a798dd65d9bd8398c3e2564f06
- SHA1
  
  7df618ca8e5e21faf19ece8c2470f62af8e4ea15
- SHA256
  
  59b77f3b8d2e7d72c61d522a2bcabbe0b47be3b73e1a4001cb763589a656134c
- SHA512
  
  3533442932c0a796de82668f334f264b6aac4f3552eef535caeda4bb7d4feeb7d1789c09424ac3de506a8438ab9d19713ce0272816c5d8b4dd8ae545bc862053
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

behavioral3

bazarloaderdropperloader

behavioral4

bazarloaderdropperloader

© 2018-2024

Terms | Privacy