bazarloader | 0ea9cf0bd883474ef6ba82826db6dfc1b98c79a98f98a30af410daae7b99ed25 | Triage

Sharing

General

Target

e764ff97ce442c538da37acf6b3b9350_JaffaCakes118
Size

1.0MB
Sample

240917-wjje7sweqf
MD5

e764ff97ce442c538da37acf6b3b9350
SHA1

e5eecbc26df01d760907b77dcb90b1f0b98bffa3
SHA256

0ea9cf0bd883474ef6ba82826db6dfc1b98c79a98f98a30af410daae7b99ed25
SHA512

97037bafa297c13ee9e3e13614debb0d9f8841a0fab7dfa9f6ccf77c52aa747261662b6a286ebce441baa908081e2fa151b81215de42687f7241c1724bbb3a00
SSDEEP

3072:8sOv8fESTARqUUCFt9/Ns8QDCaExTV1NTTLQETTaEykC3/hC3/:ZOvk/E1TQmB6

Score

10^/10

bazarloader discovery dropper loader persistence

Malware Config

Extracted

Family

bazarloader

C2

34.221.125.90

34.209.41.233

dfegjlefggjo.bazar

bcfijmcchijp.bazar

aeghkkbeihkn.bazar

cfhgjldfjgjo.bazar

cehgkldejgko.bazar

efehilffghio.bazar

Targets

- Target
  
  e764ff97ce442c538da37acf6b3b9350_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  e764ff97ce442c538da37acf6b3b9350
- SHA1
  
  e5eecbc26df01d760907b77dcb90b1f0b98bffa3
- SHA256
  
  0ea9cf0bd883474ef6ba82826db6dfc1b98c79a98f98a30af410daae7b99ed25
- SHA512
  
  97037bafa297c13ee9e3e13614debb0d9f8841a0fab7dfa9f6ccf77c52aa747261662b6a286ebce441baa908081e2fa151b81215de42687f7241c1724bbb3a00
- SSDEEP
  
  3072:8sOv8fESTARqUUCFt9/Ns8QDCaExTV1NTTLQETTaEykC3/hC3/:ZOvk/E1TQmB6
Score

10^/10

bazarloader discovery dropper loader persistence
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdiscoverydropperloaderpersistence

behavioral2

bazarloaderdiscoverydropperloaderpersistence