Overview

overview

10

Static

static

142cf09ef1...17.dll

windows7_x64

10

142cf09ef1...17.dll

windows10_x64

10

Analysis

  • max time kernel
    100s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7
  • submitted
    27-10-2020 14:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    142cf09ef1d30a422dbf43803e7c1517.dll

  • Size

    652KB

  • MD5

    142cf09ef1d30a422dbf43803e7c1517

  • SHA1

    f1d680faed22c11ffcc8d103bbed2794ca1089f0

  • SHA256

    84e360a829386b13dbf487803bc7b8a04f68b9b743ebfa3c9eea76abe00773d4

  • SHA512

    75700b1bef08eedc36cfcf93449e3575140d94dca96108d663252debbe48303ab97dc2b0b2b4a1c5139f857fb307b54807630c524b31adfa11b53d9820ebd183

Score
10/10
zloadernut26/10botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

26/10

C2

https://kare.academy/wl9nfl.php

https://skal.tk/a0qqpr.php

https://casascala.isoladelba.it/1lhdcb.php

https://tamilgreets.com/0vjkrn.php

https://ahoracallao.com/kzqlgx.php

https://shbiolabs.com/gkqm9o.php

https://bmavan.com/qshecj.php

https://barsoleillevant.fr/czdhxu.php

https://innovabusiness.cv/assly0.php

https://mevededustderin.tk/wp-smarts.php
rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\142cf09ef1d30a422dbf43803e7c1517.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1084
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\142cf09ef1d30a422dbf43803e7c1517.dll,#1
      2⤵
        PID:1896

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1556-1-0x0000000000090000-0x00000000000B6000-memory.dmp
      Filesize

      152KB

      Download
    • memory/1556-2-0x00000000000C0000-0x00000000000C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1556-3-0x0000000000090000-0x00000000000B6000-memory.dmp
      Filesize

      152KB

      Download
    • memory/1556-4-0x0000000000000000-mapping.dmp
      Download
    • memory/1592-5-0x000007FEF71D0000-0x000007FEF744A000-memory.dmp
      Filesize

      2.5MB

      Download
    • memory/1896-0-0x0000000000000000-mapping.dmp
      Download