bazarloader | 1f9f8cf325ff2de752478ff0623086019ebd1ffbce1d1c2f60e0b70149279f10 | Triage

Sharing

General

Target

7162fdf107c2d36f99c59d5435a4d399_JaffaCakes118
Size

363KB
Sample

240401-n5q36sec94
MD5

7162fdf107c2d36f99c59d5435a4d399
SHA1

b4ffeac7e7b25409b709377430dfe8821ca21e6e
SHA256

1f9f8cf325ff2de752478ff0623086019ebd1ffbce1d1c2f60e0b70149279f10
SHA512

4098f01ba4da3742e96a70cf2478c26d8a24db1c97b048d27c40cb4f28c221c180ae356536b5bda41d9d041aa029dc951a90cd7fa038a5a7bc4c4d27a7fa95f8
SSDEEP

6144:RM8CPvvwq0YslcteDNCfgQ/Fkp8HuubxwHdy/6E6OuUNkTf:kvvwTYslTMIQQubxTNkD

Score

10^/10

bazarloader dropper loader persistence

Malware Config

Extracted

Family

bazarloader

C2

167.172.108.158

64.227.66.10

134.209.91.22

167.172.108.213

blackrain15.bazar

reddew28c.bazar

bluehail.bazar

whitestorm9p.bazar

Targets

- Target
  
  7162fdf107c2d36f99c59d5435a4d399_JaffaCakes118
- Size
  
  363KB
- MD5
  
  7162fdf107c2d36f99c59d5435a4d399
- SHA1
  
  b4ffeac7e7b25409b709377430dfe8821ca21e6e
- SHA256
  
  1f9f8cf325ff2de752478ff0623086019ebd1ffbce1d1c2f60e0b70149279f10
- SHA512
  
  4098f01ba4da3742e96a70cf2478c26d8a24db1c97b048d27c40cb4f28c221c180ae356536b5bda41d9d041aa029dc951a90cd7fa038a5a7bc4c4d27a7fa95f8
- SSDEEP
  
  6144:RM8CPvvwq0YslcteDNCfgQ/Fkp8HuubxwHdy/6E6OuUNkTf:kvvwTYslTMIQQubxTNkD
Score

10^/10

bazarloader dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloaderpersistence