Analysis
-
max time kernel
147s -
max time network
46s -
platform
windows7_x64 -
resource
win7-20220331-en -
submitted
04-04-2022 03:24
Static task
static1
Behavioral task
behavioral1
Sample
fileman.dll
Resource
win7-20220331-en
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
fileman.dll
Resource
win10v2004-20220331-en
windows10-2004_x64
0 signatures
0 seconds
General
-
Target
fileman.dll
-
Size
213KB
-
MD5
6f3be0dfe6b5971b16464b7924772445
-
SHA1
8af5e975c00f5bdbd843f644a60adbb5f8da8a0d
-
SHA256
b51cb6fa584a073fe95bcf8749cf84363cb431f520a5d97cec92aae88329b7cb
-
SHA512
a1a8d49ec7610c37284a2e9f7409f1f93343c7d9c676985b9a3759388835880e7e376451e89294654cb4fc0f6c6386876896da50347c8bc4a98b80b1825cd5ef
Score
10/10
Malware Config
Extracted
Family
bazarloader
C2
148.163.42.213
5.255.102.10
188.127.235.177
23.160.193.221
reddew28c.bazar
bluehail.bazar
whitestorm9p.bazar
Signatures
-
Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1360-54-0x00000000002D0000-0x00000000002F0000-memory.dmpFilesize
128KB