bazarloader | 29fc04ad420d5b64e7f420c6d9b4f86b9ee4e36483538d4e3b1835950baca760 | Triage

Submit
Reports

Overview

overview

Static

static

3

Documents.lnk

windows7-x64

Documents.lnk

windows10-2004-x64

Documents.dll

windows7-x64

Documents.dll

windows10-2004-x64

Sharing

General

Target

ed70c9a9168a3b6f7ac56ae48e60b583_JaffaCakes118
Size

776KB
Sample

240411-ptscjaeg6y
MD5

ed70c9a9168a3b6f7ac56ae48e60b583
SHA1

8436bfcb10c9c70f789f6db9acf77ec4e550af74
SHA256

29fc04ad420d5b64e7f420c6d9b4f86b9ee4e36483538d4e3b1835950baca760
SHA512

00529b2d91e54621879a8a4606ee3aac1128596f6a2296a651dc16e98429bb2228318c25de5ac1859d17c9f996dd4a266dae7048c5b22b4b6e744a0e084e5546
SSDEEP

12288:iZ8/FEwPCrLWmPKaDkseX533dzRm1qZLCpCj8FhCJQ7hmEJMz:jWr9CMkT33d92iLCCaXh1JM

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Documents.lnk

Resource

win7-20240221-en

bazarloader dropper loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

Documents.lnk

Resource

win10v2004-20240226-en

bazarloader dropper loader

windows10-2004-x64

7 signatures

150 seconds

Behavioral task

behavioral3

Sample

Documents.dll

Resource

win7-20240221-en

bazarloader dropper loader

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral4

Sample

Documents.dll

Resource

win10v2004-20240226-en

bazarloader dropper loader

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  Documents.lnk
- Size
  
  1KB
- MD5
  
  857402be70e2963aebaed2162585dfed
- SHA1
  
  de55e131a8e20331f170aa6cdaca522bcf549f29
- SHA256
  
  d982cd19473751d5d32f749e198e42d4cae2548eae65b532d0d121a275f62b8f
- SHA512
  
  f61f8670c035f9a3d3de25a6b15abd0b974debb721338c7bbf1fd38734f6c02a121d87a0ec6caa29992a66d19da28ff07667f0e8ffb19fdc1e5f8c467e9ca7e9
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2
- Target
  
  Documents.tmp
- Size
  
  724KB
- MD5
  
  d7e7cf2ed643c84f35da54f6abbc8409
- SHA1
  
  4eaff70353abf1a9d1caf840d7a23c3f72fc5bb6
- SHA256
  
  4374f12287c158cc6e9421640b459455307e471711cc41f5666a1cbc553a3eb3
- SHA512
  
  cdf21fdcece645df88392bb9a0a865cb6ff5180d25bdeffab3a781c58612c84e0b2de1cbca8dacbfd307e3afcaf1fb5f60527f572c6b6098a43defc142799b21
- SSDEEP
  
  12288:eZ8/FEwPCrLWmPKaDkseX533dzRm1qZLCpCj8FhCJQ7hmEJMz:nWr9CMkT33d92iLCCaXh1JM
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

behavioral3

bazarloaderdropperloader

behavioral4

bazarloaderdropperloader

© 2018-2025

Terms | Privacy