6e9.dll

General

Target: 6e9.dll
Filesize: 299KB
Completed: 25-11-2021 16:51
Score: 10/10
MD5: 22b5e032fe580f4e2a9b60901b50a71a
SHA1: 81dec8703a7fa0bb893ba71a47eece13ab18ca7c
SHA256: 6e9dc528a78281330852cea1b921d9b2d2776573215e6df143021edb8e3e1dfa

Malware Config
Signatures (2)

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

    Reported IOCs

    resource                                                                        yara_rule
    behavioral1/memory/1864-56-0x0000000001F70000-0x0000000002144000-memory.dmp    BazarLoaderVar6
    behavioral1/memory/1808-57-0x0000000001BE0000-0x0000000001DB4000-memory.dmp    BazarLoaderVar6
Processes (2)
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6e9.dll
    PID:1864
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e9.dll,DllRegisterServer {4D6DB19A-5895-44B8-A357-E6F228620BCF}
    PID:1808
Network
MITRE ATT&CK Matrix
  Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/1808-57-0x0000000001BE0000-0x0000000001DB4000-memory.dmp
  • memory/1864-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp
  • memory/1864-56-0x0000000001F70000-0x0000000002144000-memory.dmp