bazarloader | b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa | Triage

Analysis

max time kernel
134s
max time network
30s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
30-06-2023 12:47

Sharing

Report Analysis Logs

General

Target

file2.dll
Size

1.3MB
MD5

7a8ff582c7e91af4c10019b82ada67b4
SHA1

e2f42f1520058593d93e5378760724f918705b04
SHA256

b35e23599a0c1f88bc04a1a656aa158fda2fc46750d810bfe6801f96cdbec0fa
SHA512

1087afe7168c66e10858e88004d213fa7286cae22b538324045595e637739938ef47273ccc8efda83e84f115d2800b121b18d3ca9241b9f04b386d887b301018
SSDEEP

12288:k63GNTFtSCQ8NLaVhGqEdxtsvoxR6polnJeGek1XAmb/VVyor5M1ITUHAS/JaNq8:dRQZrx1iKn27A0TqD4+

Score

10^/10

bazarloader dropper loader

Malware Config

Extracted

Family

bazarloader

C2

162.33.179.217

45.61.136.110

192.155.90.240

162.33.179.111

reddew28c.bazar

bluehail.bazar

whitestorm9p.bazar

Signatures

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\file2.dll,#1
1⤵
PID:2024

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2024-54-0x0000000001C30000-0x0000000001DA4000-memory.dmp

Filesize
1.5MB

Download