3bd.dll

General

Target: 3bd.dll
Filesize: 451KB
Completed: 25-11-2021 16:40
Score: 10/10
MD5: 25b53bbd30d0bfdf2d18f02b26ccf240
SHA1: c83b17ba53ed7a20779ddba6b7074406adb4ae25
SHA256: 3bde6c38372122656048634c696a7036ca29fa62930853ef59e778f92b015bf2

Malware Config
Signatures 2

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

    Reported IOCs

    Resource: behavioral2/memory/2740-115-0x0000000180001000-0x0000000180019000-memory.dmp
    YARA rule: BazarLoaderVar6
Processes 2
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\3bd.dll
    PID:2740
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bd.dll,DllRegisterServer {B5EE2616-0CB0-4545-8FF3-4EF7F23F36AF}
    PID:2208
Network
MITRE ATT&CK Matrix
  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/2740-115-0x0000000180001000-0x0000000180019000-memory.dmp