bazarloader | 3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec | Triage

Analysis

max time kernel
134s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
19-03-2022 12:11

Sharing

Report Analysis Logs

General

Target

3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec.exe
Size

280KB
MD5

c3ad311ea64ad7981b6451f47ff88202
SHA1

061cb8020a2ce9e442b158bc2f4f2a349e456279
SHA256

3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec
SHA512

6df2bbfb42ddf5bae9bc9c1b810b3c8343218aa38a0715e7e16a6ea3bccf77e691165333b1276d7709fbd693a741b949864d67249b710b7afe5c66709529d7ef

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1184-130-0x0000000000A10000-0x0000000000A2B000-memory.dmp	BazarLoaderVar1
behavioral2/memory/1184-134-0x00000000009F0000-0x0000000000A09000-memory.dmp	BazarLoaderVar1

C:\Users\Admin\AppData\Local\Temp\3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec.exe
"C:\Users\Admin\AppData\Local\Temp\3985648d781de545cf1209469454b88f7f6e54696b6a050dbb7ba2ba1eae2cec.exe"
1⤵
PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1184-130-0x0000000000A10000-0x0000000000A2B000-memory.dmp

Filesize
108KB

Download
memory/1184-134-0x00000000009F0000-0x0000000000A09000-memory.dmp

Filesize
100KB

Download