bazarloader | 9c4807666747c9befea4427e5b9791193fdb105d53400639e8cc401d92463be2

Submit
Reports

Overview

overview

Static

static

061dfb6a25...52.dll

windows7_x64

061dfb6a25...52.dll

windows10_x64

06d55f75d7...d2.dll

windows7_x64

06d55f75d7...d2.dll

windows10_x64

24401ac43b...65.dll

windows7_x64

24401ac43b...65.dll

windows10_x64

260e2d5769...40.dll

windows7_x64

260e2d5769...40.dll

windows10_x64

26cd036960...18.dll

windows7_x64

26cd036960...18.dll

windows10_x64

2a0a88a2e5...4a.dll

windows7_x64

2a0a88a2e5...4a.dll

windows10_x64

2f33217d51...94.dll

windows7_x64

2f33217d51...94.dll

windows10_x64

336cdd146b...da.dll

windows7_x64

336cdd146b...da.dll

windows10_x64

417c1828d9...73.dll

windows7_x64

417c1828d9...73.dll

windows10_x64

4d3095c796...ee.dll

windows7_x64

4d3095c796...ee.dll

windows10_x64

54e526fe05...4c.dll

windows7_x64

54e526fe05...4c.dll

windows10_x64

6402b33d72...3b.dll

windows7_x64

6402b33d72...3b.dll

windows10_x64

64c044cb3e...db.dll

windows7_x64

64c044cb3e...db.dll

windows10_x64

671f477c30...4e.dll

windows7_x64

671f477c30...4e.dll

windows10_x64

67785724b6...ce.dll

windows7_x64

67785724b6...ce.dll

windows10_x64

6c6934613a...fb.dll

windows7_x64

6c6934613a...fb.dll

windows10_x64

Resubmissions

01-11-2021 12:31

211101-pp5r3ahha4 10

31-10-2021 09:03

211031-k1bwxacfaq 10

14-10-2021 01:44

211014-b6aflafeg4 10

Analysis

max time kernel
158s
max time network
179s
platform
windows10_x64
resource
win10-en-20210920
submitted
14-10-2021 01:44

Sharing

Copy URL

Twitter E-mail

Static task

static1

Behavioral task

behavioral1

Sample

061dfb6a251e536f700a295239652dafab34aee5e5145320d1d57e3fca5e5d52.dll

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

061dfb6a251e536f700a295239652dafab34aee5e5145320d1d57e3fca5e5d52.dll

Resource

win10v20210408

qakbot notset 1632819510 banker stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

06d55f75d7c76d6924c0b8439fa3cda28b89284204a6db982e4baf3a37fb35d2.dll

Resource

win7-en-20210920

qakbot tr 1633597626 banker stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral4

Sample

06d55f75d7c76d6924c0b8439fa3cda28b89284204a6db982e4baf3a37fb35d2.dll

Resource

win10v20210408

qakbot tr 1633597626 banker stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral5

Sample

24401ac43b6dbb7048cb27425b4f0f76a9b20b6b4fffa33ff8091c3c11ef8365.dll

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral6

Sample

24401ac43b6dbb7048cb27425b4f0f76a9b20b6b4fffa33ff8091c3c11ef8365.dll

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral7

Sample

260e2d5769f0a50a7b49d4c43059221eb7acc4b9fc460763e0cfcd793f2a6840.dll

Resource

win7-en-20210920

qakbot tr 1633334141 banker stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral8

Sample

260e2d5769f0a50a7b49d4c43059221eb7acc4b9fc460763e0cfcd793f2a6840.dll

Resource

win10-en-20210920

qakbot tr 1633334141 banker stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral9

Sample

26cd03696045fb93b415b022fa6bc832098394bf362f4b4c4e897e9550d12618.dll

Resource

win7v20210408

squirrelwaffle downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral10

Sample

26cd03696045fb93b415b022fa6bc832098394bf362f4b4c4e897e9550d12618.dll

Resource

win10-en-20210920

squirrelwaffle downloader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral11

Sample

2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a.dll

Resource

win7v20210408

squirrelwaffle downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral12

Sample

2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a.dll

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral13

Sample

2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll

Resource

win7v20210408

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral14

Sample

2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll

Resource

win10-en-20210920

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral15

Sample

336cdd146beca939c6d1e3e3c00cc10ec2d6e859a18d350bff937ad5194c27da.dll

Resource

win7-en-20210920

qakbot tr 1632730751 banker stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral16

Sample

336cdd146beca939c6d1e3e3c00cc10ec2d6e859a18d350bff937ad5194c27da.dll

Resource

win10v20210408

qakbot tr 1632730751 banker stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral17

Sample

417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473.dll

Resource

win7-en-20210920

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral18

Sample

417c1828d98ba4f05f7a2edb71a9105f0aebf3d554393970b96e59d4db7b4473.dll

Resource

win10v20210408

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral19

Sample

4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee.dll

Resource

win7-en-20210920

qakbot obama101 1632228858 banker stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral20

Sample

4d3095c7965c7bdd32b81b72c95f767134915cf08ebe1237721ed5208de4beee.dll

Resource

win10v20210408

qakbot obama101 1632228858 banker stealer trojan

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral21

Sample

54e526fe059a3f25cdaed954e32f44eadffb3e51548658409468dcf2d63b634c.dll

Resource

win7-en-20210920

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral22

Sample

54e526fe059a3f25cdaed954e32f44eadffb3e51548658409468dcf2d63b634c.dll

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral23

Sample

6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b.dll

Resource

win7v20210408

squirrelwaffle downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral24

Sample

6402b33d729c8bb44881747a8f397f4aec408bf5e18b9af6fd86cdfa3f96323b.dll

Resource

win10-en-20210920

squirrelwaffle downloader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral25

Sample

64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb.dll

Resource

win7v20210408

squirrelwaffle downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral26

Sample

64c044cb3ec26babdd17107b2aa6ded60b22473c4e2943e1fcc03df8bc2e0edb.dll

Resource

win10-en-20210920

squirrelwaffle downloader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral27

Sample

671f477c3039786c5f3553760377be03b91bfb66f31ba9370ed2193192cf5b4e.dll

Resource

win7v20210408

squirrelwaffle downloader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral28

Sample

671f477c3039786c5f3553760377be03b91bfb66f31ba9370ed2193192cf5b4e.dll

Resource

win10-en-20210920

squirrelwaffle downloader

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral29

Sample

67785724b67ecd79b7cd4c64a249794b9abda8b680fe52a0ce85bb83ddfb6cce.dll

Resource

win7v20210408

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral30

Sample

67785724b67ecd79b7cd4c64a249794b9abda8b680fe52a0ce85bb83ddfb6cce.dll

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Behavioral task

behavioral31

Sample

6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb.dll

Resource

win7-en-20210920

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral32

Sample

6c6934613abde41f82043bb7c269a1e614920a83a2b90eaf325ca7b998183efb.dll

Resource

win10v20210408

bazarloader dropper loader

windows10_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll
Size

172KB
MD5

2c55997f5febc79d8aec77991f178138
SHA1

9d6d02ba0d021b6cdbf1fb8f594ebab3214325da
SHA256

2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894
SHA512

099ad760edaf05a1b180f451c48762627bfc374c8ed2e1ff8969d18787a366495b3576cf7f3724c932d52fa34897e4ee57b7824df9c11d6f6784ec310ee40820

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

resource	yara_rule
behavioral14/memory/2392-116-0x0000000002780000-0x00000000028AC000-memory.dmp	BazarLoaderVar6
behavioral14/memory/3260-117-0x0000023F84E90000-0x0000023F84FBC000-memory.dmp	BazarLoaderVar6

Processes

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll
1⤵
PID:2392

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f33217d51117cf3d6c6ed3ab50724964367fc7a85e1bb1dc87d241b8d953894.dll,DllRegisterServer {CFB63F2C-61E6-4E3E-AC4E-0DEC4764644C}
1⤵
PID:3260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-116-0x0000000002780000-0x00000000028AC000-memory.dmp

Filesize
1.2MB

Download
memory/3260-117-0x0000023F84E90000-0x0000023F84FBC000-memory.dmp

Filesize
1.2MB

Download