bazarloader | de3abde117d7eacbb638bc7d0151f929cf80a4bb5e5beb1e390839e96fc6722a | Triage

Submit
Reports

Overview

overview

Static

static

7

gmer.exe

windows11-21h2-x64

Sharing

General

Target

gmer.zip
Size

362KB
Sample

240422-va38ksde77
MD5

fc98d351ca1a64897503036e665e14c6
SHA1

3fb1ea6eadf5551e5b81c22b0a45ce892c5a87b2
SHA256

de3abde117d7eacbb638bc7d0151f929cf80a4bb5e5beb1e390839e96fc6722a
SHA512

ace21b7ca04162a85b46f5727e369ca5de36a99aa9870971bbe2e794dd9b7083834a2c9954c33c0199740fb78ab8f32b3052a9b9e72419add30664caaa1d689d
SSDEEP

6144:uBzWZvuPzYt+4gpqK6w+cdLMXzl3udtSToGLjwaurCDG2h46ArZLtQ2AA:Wz4k2+nzANXz5u3HX6AdLAA

Score

10^/10

bazarloader discovery dropper loader persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

gmer.exe

Resource

win11-20240412-en

bazarloader discovery dropper loader persistence upx

windows11-21h2-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  gmer.exe
- Size
  
  372KB
- MD5
  
  e9dc058440d321aa17d0600b3ca0ab04
- SHA1
  
  539c228b6b332f5aa523e5ce358c16647d8bbe57
- SHA256
  
  e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173
- SHA512
  
  7e9a18fd03f1ce53e2829683f7aa51bd3ce7794ead29266bcb248e3088342dc369c43f644d31f4671a9a97244bbbfc2add1961b7c760e41b8ddf277bcdb7ebde
- SSDEEP
  
  6144:wW3dQfk45aQOVusKHL7G0FJ6KbJLor/XqNjHtBfLptTksD0c2PMM40:FgkOZHvNJ6KbJE/qNBJT/h2PM
Score

10^/10

bazarloader discovery dropper loader persistence upx
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdiscoverydropperloaderpersistenceupx

© 2018-2024

Terms | Privacy