bazarloader | c72dd826f8b887fa4969ebc23711826491f1fb16cbc4de67cf0d4790a1328589 | Triage

Submit
Reports

Overview

overview

Static

static

1

5bf5a111fa...18.exe

windows7-x64

5bf5a111fa...18.exe

windows10-2004-x64

1

Sharing

General

Target

5bf5a111fa8a0275000c133b187cbb4a_JaffaCakes118
Size

407KB
Sample

240729-yfm1bsxbll
MD5

5bf5a111fa8a0275000c133b187cbb4a
SHA1

7d66fd23316b04fa73999315f3499879a1c88c4c
SHA256

c72dd826f8b887fa4969ebc23711826491f1fb16cbc4de67cf0d4790a1328589
SHA512

c359be090cb0c3d8b02236f61d762a9011b09e64b00132321439006d6dfe21306b2e42d0e39d8f7f96f8dcd32aa89cd7bb285ea7cb01c6eeb662b026869e11b6
SSDEEP

6144:y36J/AIrknTH8nrMy63ZOZw6WAzssPKf0srIHSo5e83dawkzuAjyd0ak:O6tkTHD3Zuw6WAtyf0xrdawcuAjIe

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

5bf5a111fa8a0275000c133b187cbb4a_JaffaCakes118.exe

Resource

win7-20240708-en

bazarloader dropper loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

5bf5a111fa8a0275000c133b187cbb4a_JaffaCakes118.exe

Resource

win10v2004-20240709-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  5bf5a111fa8a0275000c133b187cbb4a_JaffaCakes118
- Size
  
  407KB
- MD5
  
  5bf5a111fa8a0275000c133b187cbb4a
- SHA1
  
  7d66fd23316b04fa73999315f3499879a1c88c4c
- SHA256
  
  c72dd826f8b887fa4969ebc23711826491f1fb16cbc4de67cf0d4790a1328589
- SHA512
  
  c359be090cb0c3d8b02236f61d762a9011b09e64b00132321439006d6dfe21306b2e42d0e39d8f7f96f8dcd32aa89cd7bb285ea7cb01c6eeb662b026869e11b6
- SSDEEP
  
  6144:y36J/AIrknTH8nrMy63ZOZw6WAzssPKf0srIHSo5e83dawkzuAjyd0ak:O6tkTHD3Zuw6WAtyf0xrdawcuAjIe
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

© 2018-2024

Terms | Privacy