bazarloader | 1625a3baefca74d244796f8ba85972350fda0994cf6752ac4d8ea8ff93052f42

Resubmissions

16-03-2022 10:58

16-09-2021 14:03

15-09-2021 23:08

Target

DialogGL.exe
Size

224KB
MD5

3e494cf9a64f6836638f8f99d4015d5b
SHA1

de1d042453c77ba66bb9993c40245fd493fcb679
SHA256

1625a3baefca74d244796f8ba85972350fda0994cf6752ac4d8ea8ff93052f42
SHA512

e2db480175db189de53d35fe6a2318f9ccafec0ca709efa35d38444f52ab1a4db60a7ce9f4414131ee478dd262c50d904eec5eaf6fbd98b2ca2e95c590c89dee

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 4 IoCs

Processes:

resource	yara_rule
behavioral1/memory/748-57-0x0000000000510000-0x0000000000524000-memory.dmp	BazarLoaderVar1
behavioral1/memory/748-61-0x0000000000530000-0x0000000000546000-memory.dmp	BazarLoaderVar1
behavioral1/memory/1488-73-0x00000000003D0000-0x00000000003E4000-memory.dmp	BazarLoaderVar1
behavioral1/memory/1488-77-0x0000000001E90000-0x0000000001EA6000-memory.dmp	BazarLoaderVar1

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

DialogGL.exeDialogGL.exe

C:\Users\Admin\AppData\Local\Temp\DialogGL.exe
"C:\Users\Admin\AppData\Local\Temp\DialogGL.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\DialogGL.exe
C:\Users\Admin\AppData\Local\Temp\DialogGL.exe {6206A036-AA7C-4937-957E-E3FA30A8E0D0}
1⤵
- Suspicious use of SetWindowsHookEx
PID:1488

memory/748-54-0x00000000760B1000-0x00000000760B3000-memory.dmp

Filesize
8KB

Download
memory/748-55-0x00000000004F0000-0x0000000000501000-memory.dmp

Filesize
68KB

Download
memory/748-57-0x0000000000510000-0x0000000000524000-memory.dmp

Filesize
80KB

Download
memory/748-61-0x0000000000530000-0x0000000000546000-memory.dmp

Filesize
88KB

Download
memory/1488-73-0x00000000003D0000-0x00000000003E4000-memory.dmp

Filesize
80KB

Download
memory/1488-77-0x0000000001E90000-0x0000000001EA6000-memory.dmp

Filesize
88KB

Download