6e9.dll

General

Target: 6e9.dll
Filesize: 299KB
Completed: 25-11-2021 16:51
Score: 10/10
MD5: 22b5e032fe580f4e2a9b60901b50a71a
SHA1: 81dec8703a7fa0bb893ba71a47eece13ab18ca7c
SHA256: 6e9dc528a78281330852cea1b921d9b2d2776573215e6df143021edb8e3e1dfa


Malware Config
Signatures 2

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

    Reported IOCs

    resource                                                                      yara_rule
    behavioral2/memory/2380-118-0x0000000002850000-0x0000000002A24000-memory.dmp  BazarLoaderVar6
    behavioral2/memory/4068-119-0x000001DE42930000-0x000001DE42B04000-memory.dmp  BazarLoaderVar6
Processes 2
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6e9.dll
    PID:2380
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e9.dll,DllRegisterServer {0B89D403-33F8-4BC5-8939-62B7F3C5025D}
    PID:4068
Network
MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation
Downloads
  • memory/2380-118-0x0000000002850000-0x0000000002A24000-memory.dmp
  • memory/4068-119-0x000001DE42930000-0x000001DE42B04000-memory.dmp