bazarloader | 65b652b99cd7ed6bd82bd0f258b03a483e0da9f3314b67fe9728eca76c3d59a2 | Triage

Analysis

max time kernel
3s
max time network
8s
platform
windows7_x64
resource
win7v20201028
submitted
01-04-2021 03:26

Sharing

Report Analysis Logs

General

Target

61968c8debeae1e415a485c0b4d79b46.exe
Size

285KB
MD5

61968c8debeae1e415a485c0b4d79b46
SHA1

59dd3058a18f6fe59a3951c6f119aaf89d52e30f
SHA256

65b652b99cd7ed6bd82bd0f258b03a483e0da9f3314b67fe9728eca76c3d59a2
SHA512

15ceac84b2a148eab343f2b7efdee863cf1d97c623592e52c02772d3e498e4c3fae4d8432c21a86dfa66c122e783d71e833218483e05e06016da56432434863e

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1064-3-0x0000000180000000-0x0000000180035000-memory.dmp	BazarLoaderVar6

C:\Users\Admin\AppData\Local\Temp\61968c8debeae1e415a485c0b4d79b46.exe
"C:\Users\Admin\AppData\Local\Temp\61968c8debeae1e415a485c0b4d79b46.exe"
1⤵
PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1064-2-0x000000013F480000-0x000000013F4CA000-memory.dmp

Filesize
296KB

Download
memory/1064-3-0x0000000180000000-0x0000000180035000-memory.dmp

Filesize
212KB

Download