Analysis
  max time kernel: 120s
  max time network: 143s
  platform: windows7_x64
  resource: win7-20230712-en
  resource tags: arch:x64, arch:x86, image:win7-20230712-en, locale:en-us, os:windows7-x64, system
  submitted: 18-08-2023 16:35
Static task: static1

Behavioral task: behavioral1
  Sample: 357b137ee7ee5fcc5a35684e337e3e2c_bazarloader_icedid_JC.dll
  Resource: win7-20230712-en

Behavioral task: behavioral2
  Sample: 357b137ee7ee5fcc5a35684e337e3e2c_bazarloader_icedid_JC.dll
  Resource: win10v2004-20230703-en
General
  Target: 357b137ee7ee5fcc5a35684e337e3e2c_bazarloader_icedid_JC.dll
  Size: 322KB
  MD5: 357b137ee7ee5fcc5a35684e337e3e2c
  SHA1: c02be8c2e4d244ceaa078b0137fc70d926d511a0
  SHA256: 5e0cc941755e4cfd8afb6a51ab7de1725a80bab247bd6b3d65abd91f12e7020e
  SHA512: 3bf0e48bb3271f7e60c3b05250f2f7a46d5c65530431095665c994b5562f1a592c56d16dedb634b5d7149b8eba08f1106367cd558593f967fec0d4364304e703
  SSDEEP: 6144:OB/FRh5WBdJpj5vDHjsL71k24UjrfD1snOuOu+HUtjmCBIEq8og:cF/5EJptDUKO9sn1Ou+GjhBIB8
Malware Config
  Extracted: bazarloader
    162.33.178.121
    162.33.178.246
    162.33.177.25
    162.33.178.119
    reddew28c.bazar
Signatures
  Bazar Loader
    Detected loader normally used to deploy BazarBackdoor malware.
  Bazar/Team9 Loader payload (2 IoCs)
    Processes:
      resource: behavioral1/memory/2572-54-0x0000000180000000-0x0000000180017000-memory.dmp   yara_rule: BazarLoaderVar6
      resource: behavioral1/memory/2572-66-0x0000000180000000-0x0000000180017000-memory.dmp   yara_rule: BazarLoaderVar6
Processes
  C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\357b137ee7ee5fcc5a35684e337e3e2c_bazarloader_icedid_JC.dll
  C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Users\Admin\AppData\Local\Temp\357b137ee7ee5fcc5a35684e337e3e2c_bazarloader_icedid_JC.dll,DllRegisterServer {8ECD753B-170D-4F3B-845E-F68F3B3F1957}