Team9 Loader

Malware Profile Updated 3 months ago
The Team9 loader is the first-stage component of the Team9 (Bazar) malware family: it runs on a compromised Windows host and retrieves the Team9 backdoor. Delivery has been observed through phishing emails (see the Bazar Loader alias entry below, which describes links to Google Drive-hosted payloads). This profile draws on the analysis of three samples: an early Team9 loader variant, a later Team9 loader variant, and the operational Bazar loader.

The early variant contacted the domains bestgame[.]bazar and forgame[.]bazar (.bazar is a blockchain-based EmerDNS top-level domain that does not resolve through the public DNS root, which complicates sinkholing and takedown) and requested a set of URIs from which it could download either a 32-bit or a 64-bit build of the Team9 loader or backdoor. On the host it created mutexes named mn_185445 and {589b7a4a-3776-4e82-8e7d-435471a6c03c}, which serve as host-based indicators of an active infection. It also hijacked existing shortcut (.lnk) files so that launching one of those shortcuts runs an instance of the Team9 loader, giving the loader a way to re-execute on the host.

The later variant kept the same overall functionality but showed signs of evolution: it used a different set of URIs to download updated 32-bit or 64-bit versions of the loader or backdoor, while retaining the shortcut-hijacking behaviour. The operational Bazar loader is closely related to both Team9 variants; it used its own bazar domains and URIs to fetch 32-bit or 64-bit versions of the Team9 backdoor, and those domains and URIs were summarized as the network indicators for this variant. Because the domains and download paths changed between variants, detections pinned to a single domain or URI age quickly; the mutex names and the shortcut-hijacking behaviour were stable across the samples examined and are the more durable indicators.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Team9 (1 vote): Team9 is a malware family whose operations start with the Team9 loader, which upon examination shows an XOR key of the infection date in the YYYYMMDD format (ISO 8601). This loader downloads an XOR-encoded pay

Bazar Loader (1 vote): Bazar Loader is malware that infiltrates systems through phishing emails containing links to Google Drive, where the payload is stored. It is associated with the threat actors behind the Trickbot and Anchor malware, as evidenced by the authors' previous research from December 2019. The Bazar loader and
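The Team9 entry above states that the loader's XOR key is the infection date as a YYYYMMDD string and that the downloaded payload is XOR-encoded. The following Python is an added illustration written for this page, not code from the referenced reports, of what that means for an analyst holding a captured encoded blob: when the exact infection date is unknown, the key space is tiny, so every date in a plausible window can be tried and the right one recognised by a PE-header sanity check. It assumes the key is applied as a repeating byte string over the whole payload (the profile only gives the key's form, not how it is applied), and the "payload" it decodes is a constructed PE-shaped stub, not real malware.

```python
"""Recover a date-keyed XOR-encoded payload by brute-forcing the infection date.

Added example for the Team9 loader profile. Assumptions (not stated by the source):
the key is the ASCII string YYYYMMDD applied as a repeating XOR key over the payload.
"""
from datetime import date, datetime, timedelta


def date_key(d: date) -> bytes:
    """Key material: the infection date as an 8-byte ASCII YYYYMMDD string, e.g. b'20200403'."""
    return d.strftime("%Y%m%d").encode("ascii")


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call encodes and decodes. (Assumed mode.)"""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_pe(blob: bytes) -> bool:
    """Cheap plausibility check for a decoded Windows executable: 'MZ' at offset 0 and a
    'PE\\0\\0' signature at the offset stored in e_lfanew (DOS header offset 0x3C)."""
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(blob[0x3C:0x40], "little")
    return 0x40 <= e_lfanew <= len(blob) - 4 and blob[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def recover_payload(encoded: bytes, last_seen_yyyymmdd: str, window_days: int = 30):
    """Try every date from last_seen back to last_seen - window_days as the key.
    Returns (key_string, decoded_bytes) on the first PE-shaped result, or None.
    The first two key bytes ('20') match for every date in the same decade, so the
    e_lfanew/PE-signature check, not the 'MZ' check, is what rejects wrong dates."""
    last_seen = datetime.strptime(last_seen_yyyymmdd, "%Y%m%d").date()
    for back in range(window_days + 1):
        key = date_key(last_seen - timedelta(days=back))
        decoded = xor_with_key(encoded, key)
        if looks_like_pe(decoded):
            return key.decode("ascii"), decoded
    return None


def build_sample() -> bytes:
    """Constructed stand-in for a payload: a 256-byte buffer with the minimal PE markers.
    Not a real executable and not derived from any Team9 sample."""
    stub = bytearray(0x100)
    stub[:2] = b"MZ"
    stub[0x3C:0x40] = (0x80).to_bytes(4, "little")        # e_lfanew -> 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    stub[0x84:] = b"constructed-sample-body".ljust(0x100 - 0x84, b"\x00")
    return bytes(stub)


# Constructed test data: the stub encoded with an assumed infection date of 2020-04-03.
SAMPLE_KEY_DATE = date(2020, 4, 3)
SAMPLE_PLAINTEXT = build_sample()
SAMPLE_ENCODED = xor_with_key(SAMPLE_PLAINTEXT, date_key(SAMPLE_KEY_DATE))


def demo():
    """Analyst view: the blob was captured on 2020-04-20 and the infection date is unknown."""
    result = recover_payload(SAMPLE_ENCODED, "20200420")
    if result is None:
        raise RuntimeError("no date in the window produced a PE-shaped payload")
    return result


if __name__ == "__main__":
    key, blob = demo()
    print(f"recovered key {key}, payload {len(blob)} bytes, PE check={looks_like_pe(blob)}")
```

The window defaults to 30 days back from the capture date because a date-derived key leaks its own search space: roughly one candidate per day, so even a year-long window is a few hundred XOR passes. If a decoded candidate passes the header check but looks wrong, extend the window rather than trusting the first hit, and treat the recovered date itself as a useful timeline artefact for the incident.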
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Payload, Backdoor, Loader
Associated Malware
Bazar (type unspecified, 1 vote): "Bazar" is a form of malware, a malicious software designed to exploit and damage computer systems. This harmful program can infiltrate systems via suspicious downloads, emails, or websites, often unbeknownst to the user. Once it gains access, it can steal personal information, disrupt operations, o

Team9 Backdoor (type unspecified, 1 vote): Team9 backdoor is a malicious software designed to exploit and damage computer systems. It infiltrates the system through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or hold data hostage for ransom. The malwar
Associated Threat Actors
No associations to display
Associated Vulnerabilities
No associations to display
Source Document References
Information about the Team9 Loader malware was read from the documents in the corpus below (display limited to 20 results).
MITRE (a year ago): In-depth analysis of the new Team9 malware family
MITRE (a year ago): A Bazar of Tricks: Following Team9’s Development Cycles