bazarloader | d960d813e436aa80a7e1916e61fe5a5d70544a250bbc65809881e83650f68365 | Triage

Submit
Reports

Overview

overview

Static

static

1

view.html

windows10-2004-x64

8

view.html

windows11-21h2-x64

Resubmissions

Sharing

General

Target

view
Size

83KB
Sample

240414-ppr6zagf48
MD5

b06069fcffd0976d0e24a6dd1a0fe28f
SHA1

e4b5ac681dc4a1045e39f1b5969395bd4e752f96
SHA256

d960d813e436aa80a7e1916e61fe5a5d70544a250bbc65809881e83650f68365
SHA512

5bbd933ce72067c4fd2ac236b8b6271c2ff0112b2da67988cf39ed1f4a95afb46252a5b9940c8c11053307dd36ac2455ead7123f1e6f499ea2d90d047b454e62
SSDEEP

1536:EASkVWKyYFiOOCV8Y1ue4bHwCfo4jW9+15RTP:5jGxyiTP

Score

10^/10

bazarloader discovery dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

view.html

Resource

win10v2004-20240412-en

windows10-2004-x64

20 signatures

1800 seconds

Behavioral task

behavioral2

Sample

view.html

Resource

win11-20240412-en

bazarloader discovery dropper loader

windows11-21h2-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  view
- Size
  
  83KB
- MD5
  
  b06069fcffd0976d0e24a6dd1a0fe28f
- SHA1
  
  e4b5ac681dc4a1045e39f1b5969395bd4e752f96
- SHA256
  
  d960d813e436aa80a7e1916e61fe5a5d70544a250bbc65809881e83650f68365
- SHA512
  
  5bbd933ce72067c4fd2ac236b8b6271c2ff0112b2da67988cf39ed1f4a95afb46252a5b9940c8c11053307dd36ac2455ead7123f1e6f499ea2d90d047b454e62
- SSDEEP
  
  1536:EASkVWKyYFiOOCV8Y1ue4bHwCfo4jW9+15RTP:5jGxyiTP
Score

10^/10

discovery bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Legitimate hosting services abused for malware hosting/C2
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bazarloaderdiscoverydropperloader

© 2018-2024

Terms | Privacy