bazarloader | bd0b7a5e28d9fb31657ed7bfe1a4078237909cd5747ab3705a5d5aa609eab73e | Triage

Analysis

max time kernel
149s
max time network
196s
platform
windows7_x64
resource
win7-en-20210920
submitted
25-10-2021 19:15

Sharing

Report Analysis Logs

General

Target

GiecQSs.bin.dll
Size

186KB
MD5

6bdc157542846873b3ea1854f4e93d76
SHA1

b14ed5008108b570ec40c3c2d8390d0efb31cef7
SHA256

fd17907d5c330897248b4eeb10b26bd72a1a9d15eb8422c80a4bf17a9eccc24d
SHA512

2ecb5c8695e927369e464634d2464e6e6e25f660453b3b6c43b035d883627a57c90ccdc5da467b4b110ff735a445332735ca9413ad0c723fb4a11cbd4d82f045

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1112-54-0x00000000001C0000-0x00000000001F0000-memory.dmp	BazarLoaderVar5

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\GiecQSs.bin.dll
1⤵
PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1112-53-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download
memory/1112-54-0x00000000001C0000-0x00000000001F0000-memory.dmp

Filesize
192KB

Download