bazarloader | 1e093803d9fa80bbf214b426b573a2114d2a2a931fe58eb39256e5d0461de849

Analysis

max time kernel
142s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:58

Target

38e91adac9a33b3ebb6a0fc54c4f893b.dll
Size

476KB
MD5

38e91adac9a33b3ebb6a0fc54c4f893b
SHA1

62265ccd164a4606a8447ad79e04bdae2ba2c318
SHA256

1e093803d9fa80bbf214b426b573a2114d2a2a931fe58eb39256e5d0461de849
SHA512

740af3f6c290bd6af90443de69e4edbcaa8d7050ddafcaa197f2c90c152786429da82a8143b40da2dfb2a0ae7beb6590865c115dcc3d19ed53e311405331811b
SSDEEP

12288:0FFMfdUxknJ9H+EVCevvH06JBXTFb5KFYOSXM65LsnUFMJnanMnY:20Ego6JPlzz

Score

10^/10

Bazar Loader
Detected loader normally used to deploy BazarBackdoor malware.
loader dropper bazarloader

Bazar/Team9 Loader payload 1 IoCs

Processes:

resource	yara_rule
behavioral2/memory/1916-0-0x0000000002260000-0x0000000002465000-memory.dmp	BazarLoaderVar5

Tries to connect to .bazar domain 11 IoCs

Attempts to lookup or connect to a .bazar domain, used by BazarBackdoor, Trickbot, and potentially others.

Processes:

Unexpected DNS network traffic destination 11 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\38e91adac9a33b3ebb6a0fc54c4f893b.dll
1⤵
PID:1916

memory/1916-0-0x0000000002260000-0x0000000002465000-memory.dmp

Filesize
2.0MB

Download