bazarloader | 6d86a2bc4e194b802ac5e1a05bff69f9a6cc28a947780db9248845b22b2025bb | Triage

Resubmissions

13-05-2022 11:39

220513-nsgc7sfaf9 10

Analysis

max time kernel
131s
max time network
143s
platform
windows7_x64
resource
win7-20220414-en
submitted
13-05-2022 11:39

Sharing

Report Analysis Logs

General

Target

24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll
Size

285KB
MD5

215e0accdf538d48a8a7bf79009e8f9b
SHA1

4ff45fb8003ab1075bdbbc9d044b7c31374f3cdb
SHA256

24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9
SHA512

39139d9ae3149eae6185878eb1943f233b7c7c503fd66a4c1f58deab46b451adaec3c939521dc7d6b2d4e3e6456a429c4591430943ac6bfd3381654d68c27443

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1836-54-0x0000000001B50000-0x0000000001B6B000-memory.dmp	BazarLoaderVar6
behavioral1/memory/828-55-0x0000000000120000-0x000000000013B000-memory.dmp	BazarLoaderVar6

Blocklisted process makes network request 4 IoCs

Processes:

rundll32.exe

flow pid process

2 1836 rundll32.exe
7 1836 rundll32.exe
9 1836 rundll32.exe
10 1836 rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll,#1
1⤵
- Blocklisted process makes network request
PID:1836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\24f692b4ee982a145abf12c5c99079cfbc39e40bd64a3c07defaf36c7f75c7a9.dll,StartW 1112072312
1⤵
PID:828

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/828-55-0x0000000000120000-0x000000000013B000-memory.dmp

Filesize
108KB

Download
memory/1836-54-0x0000000001B50000-0x0000000001B6B000-memory.dmp

Filesize
108KB

Download