Analysis
-
max time kernel
191s -
max time network
268s -
platform
windows7_x64 -
resource
win7v20201028 -
submitted
02-11-2020 07:53
General
-
Target
kFQR.dll
-
Size
277KB
-
MD5
fd0a2b6c6203e4b56d8c73f6323d5d68
-
SHA1
e87f8d9f7e768f4169355ffda625a80f0e00decb
-
SHA256
a4711adb921498e7c74af3fd05daaa525f261e7044d457e905dad66767e5b8b4
-
SHA512
85bc1fd3fba441bbb67d6b75c3f058f2acec396299a012bc0c4ba5c1a5a105c712c54f258a58dc5ef2ef7789a58227d4ce99d14f53ceaf5c3cebdd44fe930c3a
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
nut
Campaign
30/10
C2
https://creditoacumuladoicms.com.br/npnegt.php
https://morgadoent.co.za/fp3jsl.php
https://access-one.us/clkgmw.php
https://amazonuniverse.in/dgxcee.php
https://ntandingsundhosmala.tk/wp-smarts.php
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kFQR.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kFQR.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/524-5-0x000007FEF7880000-0x000007FEF7AFA000-memory.dmpFilesize
2.5MB
-
memory/1624-1-0x0000000000090000-0x00000000000B6000-memory.dmpFilesize
152KB
-
memory/1624-2-0x00000000000C0000-0x00000000000C1000-memory.dmpFilesize
4KB
-
memory/1624-3-0x0000000000090000-0x00000000000B6000-memory.dmpFilesize
152KB
-
memory/1624-4-0x0000000000000000-mapping.dmp
-
memory/1844-0-0x0000000000000000-mapping.dmp