bazarloader | e36d3891436038b678aae50859a8bca3c50989deea07b8776c3927e76ad57c1d | Triage

Submit
Reports

Overview

overview

Static

static

3

f20af19917...18.dll

windows7-x64

f20af19917...18.dll

windows10-2004-x64

Sharing

General

Target

f20af1991721941a6712a07cfb2a81be_JaffaCakes118
Size

536KB
Sample

240415-139tqabg2x
MD5

f20af1991721941a6712a07cfb2a81be
SHA1

a134fcd514bb5cfbe9e98b9cfe28f3e02b9a28cf
SHA256

e36d3891436038b678aae50859a8bca3c50989deea07b8776c3927e76ad57c1d
SHA512

a8e248af9bcd8d427806d9ecc4e165ff34d0f8866f273e6b0bdd5bffcf1269a503880d94c6c3827ef762499899345405b13f6128c6d4eef8fdba6c7ef205480c
SSDEEP

12288:FRFZrKEx0B559K5mYneuZ3ot3Ufc1zg6o1HZmfFd:FHZFK3K5mYneuZ3Mv1zg6o1HEtd

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

f20af1991721941a6712a07cfb2a81be_JaffaCakes118.dll

Resource

win7-20240215-en

bazarloader dropper loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

f20af1991721941a6712a07cfb2a81be_JaffaCakes118.dll

Resource

win10v2004-20240412-en

bazarloader dropper loader

windows10-2004-x64

5 signatures

150 seconds

Malware Config

Targets

- Target
  
  f20af1991721941a6712a07cfb2a81be_JaffaCakes118
- Size
  
  536KB
- MD5
  
  f20af1991721941a6712a07cfb2a81be
- SHA1
  
  a134fcd514bb5cfbe9e98b9cfe28f3e02b9a28cf
- SHA256
  
  e36d3891436038b678aae50859a8bca3c50989deea07b8776c3927e76ad57c1d
- SHA512
  
  a8e248af9bcd8d427806d9ecc4e165ff34d0f8866f273e6b0bdd5bffcf1269a503880d94c6c3827ef762499899345405b13f6128c6d4eef8fdba6c7ef205480c
- SSDEEP
  
  12288:FRFZrKEx0B559K5mYneuZ3ot3Ufc1zg6o1HZmfFd:FHZFK3K5mYneuZ3Mv1zg6o1HEtd
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy