bazarloader | e31898f207733cf33a6f951d8337d6cd303334a9df95956686657e3f13436ae8 | Triage

Submit
Reports

Overview

overview

Static

static

3

9a1725b1db...18.dll

windows7-x64

9a1725b1db...18.dll

windows10-2004-x64

Sharing

General

Target

9a1725b1db1d41e3718526e265a8c6fb_JaffaCakes118
Size

355KB
Sample

240402-3hzt5agh2x
MD5

9a1725b1db1d41e3718526e265a8c6fb
SHA1

3f38ead3e0ce0d8ae516465e2bcad43cf1dd8970
SHA256

e31898f207733cf33a6f951d8337d6cd303334a9df95956686657e3f13436ae8
SHA512

142ef77760974c044061214dce1597599315ea08ffe12627500d3a0f71e8b290e33a3d97372439f3b01f57f2282549ce7143b033180e2584b56e25ab99e60bc7
SSDEEP

6144:BeiSscyk7I05DgnncrqB4MKqeuR9pO0iS2TBBQxKMedx2isuXuKnJtyK5iHI:zl12TAisuX/Jtd

Score

10^/10

bazarloader dropper loader

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

9a1725b1db1d41e3718526e265a8c6fb_JaffaCakes118.dll

Resource

win7-20240221-en

bazarloader dropper loader

windows7-x64

6 signatures

150 seconds

Behavioral task

behavioral2

Sample

9a1725b1db1d41e3718526e265a8c6fb_JaffaCakes118.dll

Resource

win10v2004-20240226-en

bazarloader dropper loader

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  9a1725b1db1d41e3718526e265a8c6fb_JaffaCakes118
- Size
  
  355KB
- MD5
  
  9a1725b1db1d41e3718526e265a8c6fb
- SHA1
  
  3f38ead3e0ce0d8ae516465e2bcad43cf1dd8970
- SHA256
  
  e31898f207733cf33a6f951d8337d6cd303334a9df95956686657e3f13436ae8
- SHA512
  
  142ef77760974c044061214dce1597599315ea08ffe12627500d3a0f71e8b290e33a3d97372439f3b01f57f2282549ce7143b033180e2584b56e25ab99e60bc7
- SSDEEP
  
  6144:BeiSscyk7I05DgnncrqB4MKqeuR9pO0iS2TBBQxKMedx2isuXuKnJtyK5iHI:zl12TAisuX/Jtd
Score

10^/10

bazarloader dropper loader
- Bazar Loader
  Detected loader normally used to deploy BazarBackdoor malware.
  loader dropper bazarloader
- Bazar/Team9 Loader payload
- Blocklisted process makes network request
- Tries to connect to .bazar domain
  Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bazarloaderdropperloader

behavioral2

bazarloaderdropperloader

© 2018-2024

Terms | Privacy