Analysis
max time kernel: 4294183s
max time network: 121s
platform: windows7_x64
resource: win7-20220310-en
submitted: 30-03-2022 04:38
Static task: static1
Behavioral task: behavioral1
  Sample: 6636b60011ed2cd2252f2807938c3f35561d08a0d1a93fe46154a6932e288ef2.dll
  Resource: win7-20220310-en
Behavioral task: behavioral2
  Sample: 6636b60011ed2cd2252f2807938c3f35561d08a0d1a93fe46154a6932e288ef2.dll
  Resource: win10v2004-en-20220113
General
Target: 6636b60011ed2cd2252f2807938c3f35561d08a0d1a93fe46154a6932e288ef2.dll
Size: 710KB
MD5: 42fb1da17cf2cf629e6479435248f628
SHA1: 4522761de7b60201c93bdc2734ee5a3cb19f3e9d
SHA256: 6636b60011ed2cd2252f2807938c3f35561d08a0d1a93fe46154a6932e288ef2
SHA512: 5fab151affb93ebbff1319a1f8eb7e4f89cfbf851a4c97d69ac30da1c9b5022858707a62aec09055dba0e4adf0d3da8513831f58e3a95891ce068594133b655c
Malware Config
Extracted: bazarloader
reddew28c.bazar
Signatures
Bazar Loader: Detected loader normally used to deploy BazarBackdoor malware.
Bazar/Team9 Loader payload (1 IoCs)
  resource: behavioral1/memory/948-54-0x00000000001A0000-0x00000000001CB000-memory.dmp
  yara_rule: BazarLoaderVar6
Downloads
memory/948-54-0x00000000001A0000-0x00000000001CB000-memory.dmp (Filesize: 172KB)