bazarloader | de3abde117d7eacbb638bc7d0151f929cf80a4bb5e5beb1e390839e96fc6722a | Triage

Submit
Reports

Overview

overview

Static

static

7

gmer.exe

windows11-21h2-x64

Sharing

General

Target

gmer.zip
Size

362KB
Sample

240422-va38ksde77
MD5

fc98d351ca1a64897503036e665e14c6
SHA1

3fb1ea6eadf5551e5b81c22b0a45ce892c5a87b2
SHA256

de3abde117d7eacbb638bc7d0151f929cf80a4bb5e5beb1e390839e96fc6722a
SHA512

ace21b7ca04162a85b46f5727e369ca5de36a99aa9870971bbe2e794dd9b7083834a2c9954c33c0199740fb78ab8f32b3052a9b9e72419add30664caaa1d689d
SSDEEP

6144:uBzWZvuPzYt+4gpqK6w+cdLMXzl3udtSToGLjwaurCDG2h46ArZLtQ2AA:Wz4k2+nzANXz5u3HX6AdLAA

Score

10^/10

bazarloader discovery dropper loader persistence upx

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

gmer.exe

Resource

win11-20240412-en

bazarloader discovery dropper loader persistence upx

windows11-21h2-x64

9 signatures

300 seconds

Malware Config

Targets

- Target
  
  gmer.exe
- Size
  
  372KB
- MD5
  
  e9dc058440d321aa17d0600b3ca0ab04
- SHA1
  
  539c228b6b332f5aa523e5ce358c16647d8bbe57
- SHA256
  
  e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173
- SHA512
  
  7e9a18fd03f1ce53e2829683f7aa51bd3ce7794ead29266bcb248e3088342dc369c43f644d31f4671a9a97244bbbfc2add1961b7c760e41b8ddf277bcdb7ebde
- SSDEEP
  
  6144:wW3dQfk45aQOVusKHL7G0FJ6KbJLor/XqNjHtBfLptTksD0c2PMM40:FgkOZHvNJ6KbJE/qNBJT/h2PM
Score

10^/10

bazarloader discovery dropper loader persistence upx
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Sets service image path in registry
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bazarloaderdiscoverydropperloaderpersistenceupx

© 2018-2024

Terms | Privacy