General
Target: 73d.dll
Filesize: 192KB
Completed: 25-11-2021 16:51
Task: behavioral1
Score: 10/10
MD5: 22772708f29d1d82688957f1ee572f40
SHA1: cbba8f327d481e64327a05f5b58398c9eb17ceda
SHA256: 73df9097a26595ae9455d866a9bcc9c703700b62946baadbe1d431805f7e2e2d
SHA512: 48c1b78843e322d5fe9784ea861721211abd0a4d5b982b2f152e7e14f159ee103712224ca6ce9c788a659983fc84eb3eea04ca71e1e925c3a1e02b10a616e2db
Malware Config
Signatures 2
-
Bazar Loader
Description: Detected loader normally used to deploy BazarBackdoor malware.
Tags: -
Bazar/Team9 Loader payload
Reported IOCs:
- resource: behavioral1/memory/1532-56-0x0000000001EC0000-0x0000000001FBC000-memory.dmp, yara_rule: BazarLoaderVar6
- resource: behavioral1/memory/384-57-0x0000000001AC0000-0x0000000001BBC000-memory.dmp, yara_rule: BazarLoaderVar6
Processes 2
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\73d.dll
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\73d.dll,DllRegisterServer {4B039148-2F9B-4B67-AD2F-E27D8D543FD1}
Network
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Downloads
- memory/384-57-0x0000000001AC0000-0x0000000001BBC000-memory.dmp
- memory/1532-55-0x000007FEFB7D1000-0x000007FEFB7D3000-memory.dmp
- memory/1532-56-0x0000000001EC0000-0x0000000001FBC000-memory.dmp