bazarloader | 70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182 | Triage

Resubmissions

24-08-2021 15:46

210824-t6hzlqqj4a 10

24-08-2021 15:30

210824-gm7skbgnee 10

24-08-2021 15:27

210824-68px7xses6 10

24-08-2021 15:17

210824-2783vynafn 10

04-08-2021 16:51

210804-8pmmxqpdzn 10

Analysis

max time kernel
66s
max time network
68s
platform
windows10_x64
resource
win10v20210408
submitted
24-08-2021 15:46

Sharing

Report Analysis Logs

General

Target

JVrLyRD.dat.dll
Size

242KB
MD5

12e60d21fd9c8675368635ea5246e393
SHA1

60ae64cd005f862797279fb151c9a0433b8e654c
SHA256

70c2422033dd395c0a6c15b5e6dbdde34aa65b7481d4b8298e70e0c3e72a2182
SHA512

6509c404b274af6250a241b441558d010729da12bbad47dd59c2da5a7480f682ff8c5bfeace9b2bc65db22f212b6399cd74f3f25ae22354db0ca8e06d85ed189

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3088-114-0x00000000028F0000-0x0000000002A87000-memory.dmp	BazarLoaderVar6

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

description flow ioc

HTTP URL 13 https://api.opennicproject.org/geoip/?bare&ipv=4&wl=all&res=8

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\JVrLyRD.dat.dll
1⤵
PID:3088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3088-114-0x00000000028F0000-0x0000000002A87000-memory.dmp

Filesize
1.6MB

Download