bazarloader | 0f57d982ac53afb0343f77792ee0d3b03f60878969fc2bcd6d81eb941fe7e696 | Triage

Submit
Reports

Overview

overview

Static

static

1

e19cd64152...18.exe

windows7-x64

e19cd64152...18.exe

windows10-2004-x64

1

Sharing

General

Target

e19cd64152079ebf94ef57e14ff282f2_JaffaCakes118
Size

323KB
Sample

240915-dykbyatcla
MD5

e19cd64152079ebf94ef57e14ff282f2
SHA1

eecc0ece0b284d45561563572f82fa77e04b2b62
SHA256

0f57d982ac53afb0343f77792ee0d3b03f60878969fc2bcd6d81eb941fe7e696
SHA512

cb884db730b8e0b9b50fd91402575169beb589e9a60ebbc7fdd1073e1829b4131da0a6b4b41052c601943c8cb15c37d606186b43f0c583753b64dab206b6c528
SSDEEP

6144:YI3KOympXst+asjCpeIFieYhUnUJSbH7rU/uWje6H9vq:YFOl9sGjY7uFmrzg9vq

Score

10^/10

bazarloader dropper loader

Static task

static1

Behavioral task

behavioral1

Sample

e19cd64152079ebf94ef57e14ff282f2_JaffaCakes118.exe

Resource

win7-20240903-en

bazarloader dropper loader

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral2

Sample

e19cd64152079ebf94ef57e14ff282f2_JaffaCakes118.exe

Resource

win10v2004-20240802-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  e19cd64152079ebf94ef57e14ff282f2_JaffaCakes118
- Size
  
  323KB
- MD5
  
  e19cd64152079ebf94ef57e14ff282f2
- SHA1
  
  eecc0ece0b284d45561563572f82fa77e04b2b62
- SHA256
  
  0f57d982ac53afb0343f77792ee0d3b03f60878969fc2bcd6d81eb941fe7e696
- SHA512
  
  cb884db730b8e0b9b50fd91402575169beb589e9a60ebbc7fdd1073e1829b4131da0a6b4b41052c601943c8cb15c37d606186b43f0c583753b64dab206b6c528
- SSDEEP
  
  6144:YI3KOympXst+asjCpeIFieYhUnUJSbH7rU/uWje6H9vq:YFOl9sGjY7uFmrzg9vq
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

© 2018-2024

Terms | Privacy