bazarloader | 878042c415ec1cb62d14e8b0f79fce6838e0813790546f7dd20eae65e9b9c8a2

General

Target

8523aabf128e7b6d8a440422494a763a_JaffaCakes118
Size

416KB
Sample

240402-gb251sad35
MD5

8523aabf128e7b6d8a440422494a763a
SHA1

bcfe0aa7c8968e64e7aaf11532713eb71e903fc6
SHA256

878042c415ec1cb62d14e8b0f79fce6838e0813790546f7dd20eae65e9b9c8a2
SHA512

adfb6bd865712eec591ffe2d9613b8586ec8ca2a077406816ee7283be494ef46c647484ece5a2a8bcf46b2378d5ccc3375703ebba65d2ab99256609c73c66b1a
SSDEEP

6144:zM8CPvvwq0YslcteDNCfgQ/Fkp8HuubxwHdy/6E6OuUNkTf:+vvwTYslTMIQQubxTNkD

Score

10^/10

Malware Config

Extracted

Family

bazarloader

C2

167.172.108.158

64.227.66.10

134.209.91.22

167.172.108.213

blackrain15.bazar

reddew28c.bazar

bluehail.bazar

whitestorm9p.bazar

Targets

- Target
  
  1.dll
- Size
  
  363KB
- MD5
  
  7162fdf107c2d36f99c59d5435a4d399
- SHA1
  
  b4ffeac7e7b25409b709377430dfe8821ca21e6e
- SHA256
  
  1f9f8cf325ff2de752478ff0623086019ebd1ffbce1d1c2f60e0b70149279f10
- SHA512
  
  4098f01ba4da3742e96a70cf2478c26d8a24db1c97b048d27c40cb4f28c221c180ae356536b5bda41d9d041aa029dc951a90cd7fa038a5a7bc4c4d27a7fa95f8
- SSDEEP
  
  6144:RM8CPvvwq0YslcteDNCfgQ/Fkp8HuubxwHdy/6E6OuUNkTf:kvvwTYslTMIQQubxTNkD
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
behavioral1 behavioral2
- Target
  
  Documents.lnk
- Size
  
  1KB
- MD5
  
  ec51abdb23fa981e42880f7f5b14e3cb
- SHA1
  
  23d8a6518881e1a674f61c8770f1d61fb41a028a
- SHA256
  
  8af83f0076068afdb43cab960420aaf65d8babbe122fde780f8db33fce19a636
- SHA512
  
  e6b7441c0cf7e5a2c342a6980debf0f29747178f908979abeb8becaa087c71d10c5a181922ab46c576424ec1cc75085d2effec74def59ecb38701dd832585ebf
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

Remote System Discovery

1

T1018

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Bazar Loader

Bazar Loader

Checks computer location settings

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4