bazarloader | b51cb6fa584a073fe95bcf8749cf84363cb431f520a5d97cec92aae88329b7cb | Triage

Submit
Reports

Overview

overview

Static

static

fileman.dll

windows7_x64

fileman.dll

windows10-2004_x64

Analysis

max time kernel
151s
max time network
45s
platform
windows7_x64
resource
win7-20220414-en
submitted
01-06-2022 16:05

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

fileman.dll

Resource

win7-20220414-en

bazarloader dropper loader

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

fileman.dll

Resource

win10v2004-20220414-en

bazarloader dropper loader

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

fileman.dll
Size

213KB
MD5

6f3be0dfe6b5971b16464b7924772445
SHA1

8af5e975c00f5bdbd843f644a60adbb5f8da8a0d
SHA256

b51cb6fa584a073fe95bcf8749cf84363cb431f520a5d97cec92aae88329b7cb
SHA512

a1a8d49ec7610c37284a2e9f7409f1f93343c7d9c676985b9a3759388835880e7e376451e89294654cb4fc0f6c6386876896da50347c8bc4a98b80b1825cd5ef

Score

10^/10

bazarloader dropper loader

Malware Config

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fileman.dll,#1
1⤵
PID:776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/776-54-0x00000000004B0000-0x00000000004D0000-memory.dmp

Filesize
128KB

Download

© 2018-2024

Terms | Privacy