Analysis
-
max time kernel
98s -
max time network
142s -
platform
windows7_x64 -
resource
win7 -
submitted
27-10-2020 10:12
General
-
Target
SecuriteInfo.com.Trojan-Banker.Win32.Cridex.gen.10545.dll
-
Size
667KB
-
MD5
b92aa4b3201734007fbce2e237fe091f
-
SHA1
9982a7d1af6b13e48c39fd2327ac3181f09856e1
-
SHA256
635a1f8e2eff8717c791f846b6e7a4b0c1d1d84d93c20630686d5079a9ede5c3
-
SHA512
6116392f19c439a2c029b2e48641730429d084183f4ab29f75eba4bc3f172984e30afbec31643193faf93b2aa10d0bea9af4e36dc7eb13e86baba1f467c82574
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
dll26
Campaign
dll26
C2
https://eecakesconf.at/web982/gate.php
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Banker.Win32.Cridex.gen.10545.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Trojan-Banker.Win32.Cridex.gen.10545.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1164-5-0x000007FEF7020000-0x000007FEF729A000-memory.dmpFilesize
2.5MB
-
memory/1756-1-0x00000000000D0000-0x00000000000F6000-memory.dmpFilesize
152KB
-
memory/1756-2-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB
-
memory/1756-3-0x00000000000D0000-0x00000000000F6000-memory.dmpFilesize
152KB
-
memory/1756-4-0x0000000000000000-mapping.dmp
-
memory/1900-0-0x0000000000000000-mapping.dmp