83a.dll

General
Target: 83a.dll
Filesize: 278KB
Completed: 25-11-2021 16:51
Score: 10/10
MD5: 8e91dc946e15d16b4c128e85fef3e047
SHA1: e6d47ebee8a3e870f01a2fe2664fb9ca6c8e5dac
SHA256: 83a864de3939256d0a9d4d6523277329a1caa1a2a62238222f7865121d478843

Malware Config
Signatures 2

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

  • Bazar/Team9 Loader payload

    Reported IOCs

    resource | yara_rule
    behavioral1/memory/1452-56-0x0000000001F00000-0x0000000002008000-memory.dmp | BazarLoaderVar6
    behavioral1/memory/436-57-0x0000000001C20000-0x0000000001D28000-memory.dmp | BazarLoaderVar6
Processes 2
  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83a.dll
    PID:1452
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\83a.dll,DllRegisterServer {B3E795A0-3D37-4CFE-8A5E-A9F65DD5F963}
    PID:436
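The two process entries above show the sample being executed by regsvr32 /s and by rundll32 with the DllRegisterServer export, in both cases loading the DLL from the user's AppData\Local\Temp directory. The following is an added detection example, not part of the sandbox report, that runs that logic over constructed process-creation events: the two command lines from this report plus two benign controls. The event field names (pid, image, cmdline) and the list of user-writable directories are assumptions for the example, not a real log schema.

```python
import re
from pathlib import PureWindowsPath

# Constructed process-creation events: the first two command lines are the
# ones recorded in the report above, the last two are benign controls.
# The field names are hypothetical, not a real Sysmon or EDR schema.
EVENTS = [
    {"pid": 1452, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\83a.dll"},
    {"pid": 436, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\83a.dll,DllRegisterServer {B3E795A0-3D37-4CFE-8A5E-A9F65DD5F963}"},
    {"pid": 900, "image": r"C:\Windows\System32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Windows\System32\msxml3.dll"},
    {"pid": 901, "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

# Directories a standard user can write to; a DLL handed to regsvr32 or
# rundll32 from one of these is far more likely to be a dropped payload
# than a registered system component. Assumed list, extend to taste.
USER_WRITABLE = (
    r"\appdata\local\temp", r"\appdata\roaming", r"\users\public",
    r"\programdata", r"\windows\temp",
)

LOLBINS = ("regsvr32.exe", "rundll32.exe")


def extract_dll(cmdline):
    """Return (dll_path, export) for the first .dll argument on the command line.

    rundll32 takes 'path.dll,Export'; regsvr32 takes a bare path, so export is
    None there. Quoted tokens are unwrapped; paths containing spaces inside
    quotes are not handled by this simple whitespace split.
    """
    for tok in cmdline.split():
        tok = tok.strip('"')
        path, _, export = tok.partition(",")
        if path.lower().endswith(".dll"):
            return path, (export or None)
    return None, None


def triage(event):
    """Return a list of reasons the event is suspicious; empty means no hit."""
    image = PureWindowsPath(event["image"]).name.lower()
    if image not in LOLBINS:
        return []
    dll, export = extract_dll(event["cmdline"])
    if dll is None:
        return []
    reasons = []
    dll_low = dll.lower()
    if any(marker in dll_low for marker in USER_WRITABLE):
        reasons.append("dll in user-writable directory")
    # rundll32 calling DllRegisterServer mirrors what regsvr32 does and is a
    # known way to run a registration export without touching regsvr32.
    if image == "rundll32.exe" and export and export.lower() == "dllregisterserver":
        reasons.append("rundll32 invoking DllRegisterServer")
    return reasons


def flag_events(events):
    """Return [(pid, reasons)] for every event that triage() flags."""
    hits = []
    for ev in events:
        reasons = triage(ev)
        if reasons:
            hits.append((ev["pid"], reasons))
    return hits


if __name__ == "__main__":
    for pid, reasons in flag_events(EVENTS):
        print(f"PID {pid}: {', '.join(reasons)}")
```

Run against the constructed events, both report processes (PIDs 1452 and 436) are flagged and both controls pass: registering a DLL that lives in System32 is routine, and rundll32 calling a non-registration export of a system DLL is how the Control Panel and many installers behave. The trailing GUID on the rundll32 line is passed through as an argument and does not affect the match.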
Network
MITRE ATT&CK Matrix
Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no techniques listed under any tactic in this report)
Downloads
  • memory/436-57-0x0000000001C20000-0x0000000001D28000-memory.dmp
  • memory/1452-55-0x000007FEFB8D1000-0x000007FEFB8D3000-memory.dmp
  • memory/1452-56-0x0000000001F00000-0x0000000002008000-memory.dmp