General
| Target | 438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57.dll |
| Filesize | 712KB |
| Completed | 13-04-2022 09:11 |
| Task | behavioral1 |
| Score | 10/10 |

| MD5 | 115cb0ec229fd573d4dd2185f97a750e |
| SHA1 | 356dccb236839ebea822d842fec20123ed9180de |
| SHA256 | 438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57 |
| SHA512 | 7db15f39baf208a3885b6991fe93f69d1905ef97bf52988b7febec76034da8bf70035fb091b58942d3d66dd37178110384ff02360988bb1e9fa7a62a71df49a6 |
Malware Config
Extracted
| Family | bazarloader |
| C2 | reddew28c.bazar |
Signatures 2

Bazar Loader
Description: Detected loader normally used to deploy BazarBackdoor malware.
Tags: (none listed)

Bazar/Team9 Loader payload
Reported IOCs
| resource | yara_rule |
| behavioral1/memory/1652-54-0x0000000001AD0000-0x0000000001AFB000-memory.dmp | BazarLoaderVar6 |
Processes 1
| Image | Command line |
| C:\Windows\system32\rundll32.exe | rundll32.exe C:\Users\Admin\AppData\Local\Temp\438e65524f3aed305bd5965137ca17cd7cff32a2e26b91c37ae0a16b9e696e57.dll,#1 |
Network
Downloads
memory/1652-54-0x0000000001AD0000-0x0000000001AFB000-memory.dmp