bazarloader | 3bde6c38372122656048634c696a7036ca29fa62930853ef59e778f92b015bf2 | Triage

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-en-20211104
submitted
25-11-2021 16:37

Sharing

Report Analysis Logs

General

Target

3bd.dll
Size

451KB
MD5

25b53bbd30d0bfdf2d18f02b26ccf240
SHA1

c83b17ba53ed7a20779ddba6b7074406adb4ae25
SHA256

3bde6c38372122656048634c696a7036ca29fa62930853ef59e778f92b015bf2
SHA512

138ead30af34ced28e86318d8d5f78b846bd27ae4892fcac3fc3e69e72ea5f926d89c745525b763b3463c72c42173cf1d5fc58976be263a6349f92666603fee8

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1648-57-0x0000000180001000-0x0000000180019000-memory.dmp	BazarLoaderVar6
behavioral1/memory/560-59-0x0000000180001000-0x0000000180019000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3bd.dll
1⤵
PID:1648

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bd.dll,DllRegisterServer {550B1D27-4438-4B71-9504-0F470811E005}
1⤵
PID:560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/560-59-0x0000000180001000-0x0000000180019000-memory.dmp

Filesize
96KB

Download
memory/1648-55-0x000007FEFB6F1000-0x000007FEFB6F3000-memory.dmp

Filesize
8KB

Download
memory/1648-56-0x00000000002B0000-0x00000000002C4000-memory.dmp

Filesize
80KB

Download
memory/1648-57-0x0000000180001000-0x0000000180019000-memory.dmp

Filesize
96KB

Download