bazarloader | 9fdec91231fe3a709c8d4ec39e25ce8c55282167c561b14917b52701494ac269 | Triage

Sharing

General

Target

bazar.iso
Size

270KB
Sample

241004-lnb7ks1elh
MD5

b1bde76849fc4801a0369c7097600863
SHA1

2050daf2e7882297afdd549b61d70d27e79fd836
SHA256

9fdec91231fe3a709c8d4ec39e25ce8c55282167c561b14917b52701494ac269
SHA512

4d855c7dcf6ce7d56dd976908e6a5d356ad04cad0df8280d74ce474c25e962142f0271408dc1a987951fe4679cbbc291b71f7d47b1b8f151d04970d74156a0b6
SSDEEP

6144:AWnRr/qJy8CQnzX473venaGyRAU9uBXP:Bn9qJ5rnzoLvong6X

Score

10^/10

bazarloader dropper loader

Malware Config

Targets

- Target
  
  Attachments.lnk
- Size
  
  1KB
- MD5
  
  e87e52db1aa360baf8444c5524dd2b26
- SHA1
  
  b89d0c4568c74f03ec3e1917c22a83c37409b10a
- SHA256
  
  6497223d35530f2e510382aa1866b83ffaf215213b8080b7ecb299b6e7e3e6b1
- SHA512
  
  e93d7808c29ec45569382ee5bd2f50a41c0cf1c1d2cbb909d5aec2abf166f0ad87b672eaa4a1c00b28eb31faf55f1a254d8ab842bcb4d22dd750b26926e7c64a
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Loads dropped DLL
behavioral1
- Target
  
  DumpStack.log
- Size
  
  217KB
- MD5
  
  f7047fdbd3cd218b55cf4e2d6b9fb4f0
- SHA1
  
  a9c1e9a78934c9cfa2dbb6562ca8cdb9d67bbb05
- SHA256
  
  4bc9368951402ceeeb84da58c82e02a4ea9e09f5a4425daf5094ea5d87a14e9a
- SHA512
  
  950f4bde7f04a581496df019719074fa4516ce0bd7ace547a77bbb069467816b4c42236b6f23c4fd476ac74c907fa764861c9422c832c7910ed651b6445138f1
- SSDEEP
  
  6144:aWnRr/qJy8CQnzX473venaGyRAU9uBXP:rn9qJ5rnzoLvong6X
Score

1^/10
behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2