bazarloader | 7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd

Analysis

max time kernel
138s
max time network
148s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-04-2024 22:50

Target

7c8cb852b333986ff59da438533975ed_JaffaCakes118.dll
Size

497KB
MD5

7c8cb852b333986ff59da438533975ed
SHA1

cd17f87ecccd8f2e834e98d380a6447e15552467
SHA256

7fbde30e24755e328101e5705cfd1673dc8653ec17fe23fbbccb21b2accc66bd
SHA512

1209377412de2b7d0ca2000a71ebcc178e006510e600a7fafa4e05a31d4801b0215d252b1aebea9c919fde9e8bea8f5cf918f0053c86d81b5c91422d8f7bcbe7
SSDEEP

6144:cmli7eD8H0QDkZWj4LWYBiykgLrgCwr2dzohwTBbblr98sgocBKZ9tmGl246k:Lb8UQDkjk6rCIoqTd/gBm9tmT46k

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2524-0-0x00000000001A0000-0x00000000001CA000-memory.dmp	BazarLoaderVar5
behavioral1/memory/2524-1-0x00000000001A0000-0x00000000001CA000-memory.dmp	BazarLoaderVar5

Blocklisted process makes network request 11 IoCs

Processes:

rundll32.exe

Tries to connect to .bazar domain 1 IoCs
Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

flow ioc

13 blackrain15.bazar
Unexpected DNS network traffic destination 1 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 130.61.64.122

flow	ioc
13	blackrain15.bazar

description	ioc
Destination IP	130.61.64.122

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c8cb852b333986ff59da438533975ed_JaffaCakes118.dll,#1
1⤵
- Blocklisted process makes network request
PID:2524

memory/2524-0-0x00000000001A0000-0x00000000001CA000-memory.dmp

Filesize
168KB

Download
memory/2524-1-0x00000000001A0000-0x00000000001CA000-memory.dmp

Filesize
168KB

Download