bazarloader | 3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec | Triage

Analysis

max time kernel
4294180s
max time network
135s
platform
windows7_x64
resource
win7-20220311-en
submitted
19-03-2022 12:11

Sharing

Report Analysis Logs

General

Target

3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec.exe
Size

280KB
MD5

c3ad311ea64ad7981b6451f47ff88202
SHA1

061cb8020a2ce9e442b158bc2f4f2a349e456279
SHA256

3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec
SHA512

6df2bbfb42ddf5bae9bc9c1b810b3c8343218aa38a0715e7e16a6ea3bccf77e691165333b1276d7709fbd693a741b949864d67249b710b7afe5c66709529d7ef

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/576-55-0x0000000001D90000-0x0000000001DAB000-memory.dmp	BazarLoaderVar1
behavioral1/memory/576-59-0x0000000001D70000-0x0000000001D89000-memory.dmp	BazarLoaderVar1

C:\Users\Admin\AppData\Local\Temp\3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec.exe
"C:\Users\Admin\AppData\Local\Temp\3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec.exe"
1⤵
PID:576

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/576-54-0x000007FEF6121000-0x000007FEF6123000-memory.dmp

Filesize
8KB

Download
memory/576-55-0x0000000001D90000-0x0000000001DAB000-memory.dmp

Filesize
108KB

Download
memory/576-59-0x0000000001D70000-0x0000000001D89000-memory.dmp

Filesize
100KB

Download