bazarloader | e764ff97ce442c538da37acf6b3b9350_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

e764ff97ce442c538da37acf6b3b9350_JaffaCakes118
Size

1.0MB
MD5

e764ff97ce442c538da37acf6b3b9350
SHA1

e5eecbc26df01d760907b77dcb90b1f0b98bffa3
SHA256

0ea9cf0bd883474ef6ba82826db6dfc1b98c79a98f98a30af410daae7b99ed25
SHA512

97037bafa297c13ee9e3e13614debb0d9f8841a0fab7dfa9f6ccf77c52aa747261662b6a286ebce441baa908081e2fa151b81215de42687f7241c1724bbb3a00
SSDEEP

3072:8sOv8fESTARqUUCFt9/Ns8QDCaExTV1NTTLQETTaEykC3/hC3/:ZOvk/E1TQmB6

Score

10^/10

bazarloader

Malware Config

Extracted

Family

bazarloader

34.221.125.90

34.209.41.233

dfegjlefggjo.bazar

bcfijmcchijp.bazar

aeghkkbeihkn.bazar

cfhgjldfjgjo.bazar

cehgkldejgko.bazar

efehilffghio.bazar

Signatures

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource yara_rule

sample BazarLoaderVar1
Bazarloader family
bazarloader

resource	yara_rule
sample	BazarLoaderVar1

Files

e764ff97ce442c538da37acf6b3b9350_JaffaCakes118
.exe windows:6 windows x64 arch:x64

f9ade0aa18f660a34a4fa23392e21838

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

08-11-2019 00:00

Not After

16-11-2022 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2014 00:00

Not After

22-10-2024 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11-02-2011 12:00

Not After

10-02-2026 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10-11-2006 00:00

Not After

10-11-2021 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=Unknown issuer

Not Before

01-01-2013 10:00

Not After

01-04-2013 10:00

Subject

CN=Dummy certificate

Extended Key Usages

Key Usages

KeyUsageCertSign

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-11-2018 00:00

Not After

17-11-2021 12:00

Subject

CN=Google LLC,O=Google LLC,L=Mountain View,ST=ca,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:ac:63:69:83:9c:81:18:79:d3:cf:18:77:fd:27:6a:1e:a1:6e:74:4d:2a:20:d9:39:47:04:1d:38:83:5d:c7
Signer

Actual PE Digest

7d:ac:63:69:83:9c:81:18:79:d3:cf:18:77:fd:27:6a:1e:a1:6e:74:4d:2a:20:d9:39:47:04:1d:38:83:5d:c7

Digest Algorithm

sha256

PE Digest Matches

false

70:e5:60:a5:56:94:94:0b:0a:48:fe:b2:44:18:4f:ee:90:74:5f:13
Signer

Actual PE Digest

70:e5:60:a5:56:94:94:0b:0a:48:fe:b2:44:18:4f:ee:90:74:5f:13

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ExitProcess

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

f9ade0aa18f660a34a4fa23392e21838

Code Sign

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

01Certificate

Extended Key Usages

Key Usages

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2fCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

7d:ac:63:69:83:9c:81:18:79:d3:cf:18:77:fd:27:6a:1e:a1:6e:74:4d:2a:20:d9:39:47:04:1d:38:83:5d:c7Signer

70:e5:60:a5:56:94:94:0b:0a:48:fe:b2:44:18:4f:ee:90:74:5f:13Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 79KB - Virtual size: 79KB

.rdata Size: 512B - Virtual size: 212B

.data Size: 512B - Virtual size: 5KB

06:ae:a7:6b:ac:46:a9:e8:cf:e6:d2:9e:45:aa:f0:33
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

01
Certificate

0c:15:be:4a:15:bb:09:03:c9:01:b1:d6:c2:65:30:2f
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7d:ac:63:69:83:9c:81:18:79:d3:cf:18:77:fd:27:6a:1e:a1:6e:74:4d:2a:20:d9:39:47:04:1d:38:83:5d:c7
Signer

70:e5:60:a5:56:94:94:0b:0a:48:fe:b2:44:18:4f:ee:90:74:5f:13
Signer

.text
Size: 79KB - Virtual size: 79KB

.rdata
Size: 512B - Virtual size: 212B

.data
Size: 512B - Virtual size: 5KB