bazarloader | 6e9dc528a78281330852cea1b921d9b2d2776573215e6df143021edb8e3e1dfa | Triage

Analysis

max time kernel
130s
max time network
139s
platform
windows7_x64
resource
win7-en-20211104
submitted
25-11-2021 16:48

Sharing

Report Analysis Logs

General

Target

6e9.dll
Size

299KB
MD5

22b5e032fe580f4e2a9b60901b50a71a
SHA1

81dec8703a7fa0bb893ba71a47eece13ab18ca7c
SHA256

6e9dc528a78281330852cea1b921d9b2d2776573215e6df143021edb8e3e1dfa
SHA512

c78dc7bdfba8f57cf8d64977b05e46ef4ef81d7f99a80d1921f4d32176404dee667d26a898eb0650be2c8d965720b3ea3c4eae39c5e67bd8b01a528b32f1d2a1

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1864-56-0x0000000001F70000-0x0000000002144000-memory.dmp	BazarLoaderVar6
behavioral1/memory/1808-57-0x0000000001BE0000-0x0000000001DB4000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6e9.dll
1⤵
PID:1864

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e9.dll,DllRegisterServer {4D6DB19A-5895-44B8-A357-E6F228620BCF}
1⤵
PID:1808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1808-57-0x0000000001BE0000-0x0000000001DB4000-memory.dmp

Filesize
1.8MB

Download
memory/1864-55-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

Filesize
8KB

Download
memory/1864-56-0x0000000001F70000-0x0000000002144000-memory.dmp

Filesize
1.8MB

Download