bazarloader | c896ee848586dd0c61c2a821a03192a5efef1b4b4e03b48aba18eedab1b864f7 | Triage

Sharing

General

Target

c896ee848586dd0c61c2a821a03192a5efef1b4b4e03b48aba18eedab1b864f7
Size

270KB
Sample

240410-re3wtsad96
MD5

f5f69d0658dccfa7b98819d20fe3e37e
SHA1

45d3ea376271c4858d3e8a5b432c7139b7a964af
SHA256

c896ee848586dd0c61c2a821a03192a5efef1b4b4e03b48aba18eedab1b864f7
SHA512

1471f814cc9a21b5196f43f28ebba95d5cc1c13310bf57186795a5adc9c72eb103ae70d459863bed816c873787888b98b66d5fcc80e3c2b0d935278f8d13182c
SSDEEP

6144:rto53dB6ueZWko+SVplPMPP3O/Dnv53x:udbrkoLVwPPE

Score

10^/10

bazarloader dropper loader

Malware Config

Targets

- Target
  
  Attachments.lnk
- Size
  
  1KB
- MD5
  
  e87e52db1aa360baf8444c5524dd2b26
- SHA1
  
  b89d0c4568c74f03ec3e1917c22a83c37409b10a
- SHA256
  
  6497223d35530f2e510382aa1866b83ffaf215213b8080b7ecb299b6e7e3e6b1
- SHA512
  
  e93d7808c29ec45569382ee5bd2f50a41c0cf1c1d2cbb909d5aec2abf166f0ad87b672eaa4a1c00b28eb31faf55f1a254d8ab842bcb4d22dd750b26926e7c64a
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  DumpStack.log
- Size
  
  216KB
- MD5
  
  f948fe3f01333c0326d4dd598e4945c0
- SHA1
  
  70a619d1b2acbf969b44aded654d6a9257465e2b
- SHA256
  
  f2a957f609ec57b8cbc6035629b249edc288bca6025a1e1a7c83a8ce20f7ebdb
- SHA512
  
  9406184548f174839dc1634b13018375afd9a34305a0810fbf18f32da44d0e77f887b192ad8c570700d94383df2d2bf3f120adf09073f3378e030bda3892f651
- SSDEEP
  
  6144:Vto53dB6ueZWko+SVplPMPP3O/Dnv53x:gdbrkoLVwPPE
Score

1^/10
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

behavioral3

behavioral4