Overview

overview

10

Static

static

438e65524f3aed...57.dll

windows7_x64

10

438e65524f3aed...57.dll

windows10-2004_x64

10
General
Target

438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57.dll

Filesize

712KB

Completed

13-04-2022 09:11

Task

behavioral1

Score
10/10
MD5

115cb0ec229fd573d4dd2185f97a750e

SHA1

356dccb236839ebea822d842fec20123ed9180de

SHA256

438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57

SHA256

7db15f39baf208a3885b6991fe93f69d1905ef97bf52988b7febec76034da8bf70035fb091b58942d3d66dd37178110384ff02360988bb1e9fa7a62a71df49a6

Malware Config

Extracted

Family

bazarloader
C2

reddew28c.bazar
Signatures 2

Filter: none

  • Bazar Loader

    Description

    Detected loader normally used to deploy BazarBackdoor malware.

    Tags

  • Bazar/Team9 Loader payload

    Reported IOCs

    resourceyara_rule
    behavioral1/memory/1652-54-0x0000000001AD0000-0x0000000001AFB000-memory.dmpBazarLoaderVar6
Processes 1
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57.dll,#1
    PID:1652
Network
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Replay Monitor
                          00:00 00:00
                          Downloads

                          • memory/1652-54-0x0000000001AD0000-0x0000000001AFB000-memory.dmp

                            Download