Analysis
max time kernel: 136s
max time network: 143s
platform: windows7_x64
resource: win7-en-20210920
submitted: 29-10-2021 13:36

Static task: static1

Behavioral task: behavioral1
Sample: main.php.dll
Resource: win7-en-20210920 (windows7_x64)
0 signatures, 0 seconds

Behavioral task: behavioral2
Sample: main.php.dll
Resource: win10-en-20211014 (windows10_x64)
0 signatures, 0 seconds

General
Target: main.php.dll
Size: 329KB
MD5: 9c9b58c38841af6f89ff90a746d63cec
SHA1: 95481d6dfa4660bd24ac519561269b6fbd4571c1
SHA256: 11f3d84aad7131fe124155c9edfceb594649e87de1ee03383f470442d6ed69a1
SHA512: 7b32798e4652f05861cdb5e03abb1eeebe4183c4f5411cc73166fc1e31dab37c00104e3cc035b2fc9c8c3300b561c17b9cffccc8af79fbc78ea2b1b1e721b518
Score: 10/10

Malware Config

Signatures
Bazar Loader: Detected loader normally used to deploy BazarBackdoor malware.
suricata: ET MALWARE BazaLoader Activity (GET)
Bazar/Team9 Loader payload (1 IoCs)
Processes:
resource: behavioral1/memory/1792-55-0x0000000001DC0000-0x0000000001FD0000-memory.dmp
yara_rule: BazarLoaderVar5