Analysis
-
max time kernel
91s -
max time network
152s -
platform
windows10_x64 -
resource
win10 -
submitted
27-10-2020 14:42
General
-
Target
142cf09ef1d30a422dbf43803e7c1517.dll
-
Size
652KB
-
MD5
142cf09ef1d30a422dbf43803e7c1517
-
SHA1
f1d680faed22c11ffcc8d103bbed2794ca1089f0
-
SHA256
84e360a829386b13dbf487803bc7b8a04f68b9b743ebfa3c9eea76abe00773d4
-
SHA512
75700b1bef08eedc36cfcf93449e3575140d94dca96108d663252debbe48303ab97dc2b0b2b4a1c5139f857fb307b54807630c524b31adfa11b53d9820ebd183
Malware Config
Extracted
zloader
nut
26/10
https://kare.academy/wl9nfl.php
https://skal.tk/a0qqpr.php
https://casascala.isoladelba.it/1lhdcb.php
https://tamilgreets.com/0vjkrn.php
https://ahoracallao.com/kzqlgx.php
https://shbiolabs.com/gkqm9o.php
https://bmavan.com/qshecj.php
https://barsoleillevant.fr/czdhxu.php
https://innovabusiness.cv/assly0.php
https://mevededustderin.tk/wp-smarts.php
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\142cf09ef1d30a422dbf43803e7c1517.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\142cf09ef1d30a422dbf43803e7c1517.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2476-1-0x0000000000610000-0x0000000000636000-memory.dmpFilesize
152KB
-
memory/2476-2-0x0000000000000000-mapping.dmp
-
memory/3968-0-0x0000000000000000-mapping.dmp