bazarloader | 6e9dc528a78281330852cea1b921d9b2d2776573215e6df143021edb8e3e1dfa | Triage

Analysis

max time kernel
106s
max time network
120s
platform
windows10_x64
resource
win10-en-20211104
submitted
25-11-2021 16:48

Sharing

Report Analysis Logs

General

Target

6e9.dll
Size

299KB
MD5

22b5e032fe580f4e2a9b60901b50a71a
SHA1

81dec8703a7fa0bb893ba71a47eece13ab18ca7c
SHA256

6e9dc528a78281330852cea1b921d9b2d2776573215e6df143021edb8e3e1dfa
SHA512

c78dc7bdfba8f57cf8d64977b05e46ef4ef81d7f99a80d1921f4d32176404dee667d26a898eb0650be2c8d965720b3ea3c4eae39c5e67bd8b01a528b32f1d2a1

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/2380-118-0x0000000002850000-0x0000000002A24000-memory.dmp	BazarLoaderVar6
behavioral2/memory/4068-119-0x000001DE42930000-0x000001DE42B04000-memory.dmp	BazarLoaderVar6

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\6e9.dll
1⤵
PID:2380

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e9.dll,DllRegisterServer {0B89D403-33F8-4BC5-8939-62B7F3C5025D}
1⤵
PID:4068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-118-0x0000000002850000-0x0000000002A24000-memory.dmp

Filesize
1.8MB

Download
memory/4068-119-0x000001DE42930000-0x000001DE42B04000-memory.dmp

Filesize
1.8MB

Download