zloader | a35b96696f5c7adc5aa856859d37e92c323b2be68c0f8d2704a4ab689ffd12b2

Analysis

Target

SecuriteInfo.com.ML.PE-A.22138.dll
Size

652KB
MD5

b260df424a528921e9f544af273c3849
SHA1

85d12847d2ceefcd5ddd88c0c03b0d98bb9afc86
SHA256

a35b96696f5c7adc5aa856859d37e92c323b2be68c0f8d2704a4ab689ffd12b2
SHA512

d2327adb91949c707058ba910fed2634c631b82624127ac9d3d051a00edafbff50c19e89b39b2aee0197e1ff05dba9d3bc8e038d50cc1d5af0c3506952989ad1

Score

10^/10

Family

zloader

Botnet

nut

Campaign

26/10

https://kare.academy/wl9nfl.php

https://skal.tk/a0qqpr.php

https://casascala.isoladelba.it/1lhdcb.php

https://tamilgreets.com/0vjkrn.php

https://ahoracallao.com/kzqlgx.php

https://shbiolabs.com/gkqm9o.php

https://bmavan.com/qshecj.php

https://barsoleillevant.fr/czdhxu.php

https://innovabusiness.cv/assly0.php

https://mevededustderin.tk/wp-smarts.php

rc4.plain

rsa_pubkey.plain

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe
PID 1084 wrote to memory of 1940	1084	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.ML.PE-A.22138.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1084

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.ML.PE-A.22138.dll,#1
2⤵
PID:1940

memory/1524-5-0x000007FEF71D0000-0x000007FEF744A000-memory.dmp

Filesize
2.5MB

Download
memory/1668-2-0x0000000000090000-0x0000000000091000-memory.dmp

Filesize
4KB

Download
memory/1668-1-0x00000000000F0000-0x0000000000116000-memory.dmp

Filesize
152KB

Download
memory/1668-3-0x00000000000F0000-0x0000000000116000-memory.dmp

Filesize
152KB

Download
memory/1668-4-0x0000000000000000-mapping.dmp

Download
memory/1940-0-0x0000000000000000-mapping.dmp

Download