Resubmissions

09-01-2021 06:25

210109-x11fbv57ln 10

16-10-2020 02:45

201016-1g8jrbkdln 7

Analysis

  • max time kernel
    86s
  • max time network
    147s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    09-01-2021 06:25

General

  • Target

    dusmapi7bf.exe

  • Size

    201KB

  • MD5

    235730a5bbd6d3c5cef4bf0c949b74e8

  • SHA1

    e0edbe75a0fdbaff4c4467b5b2a37a281687b0b7

  • SHA256

    80b65c87c2af3d8e0fba7ae3901491fb0421a20ce8c33a94e578ba2a8e0fe9c4

  • SHA512

    3dc31d2c0eae9be0040cd8bb128c6f21c089f37ecbaf0ea613e4045dceb9886538b0301b1950e091b973807facb92d96586e470ed7a36c158f49082b6a48621d

Malware Config

Extracted

Family

zloader

Botnet

SG

Campaign

SG

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

  • Loads dropped DLL 1 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe
    "C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious behavior: MapViewOfSection
    • Suspicious use of WriteProcessMemory
    PID:3992
    • C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe
      "C:\Users\Admin\AppData\Local\Temp\dusmapi7bf.exe"
      2⤵
        PID:2756
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:2232
      • C:\Windows\system32\taskmgr.exe
        "C:\Windows\system32\taskmgr.exe" /4
        1⤵
          PID:1864

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Roaming\Repe
    MD5

    d41d8cd98f00b204e9800998ecf8427e

    SHA1

    da39a3ee5e6b4b0d3255bfef95601890afd80709

    SHA256

    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

    SHA512

    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  • \Users\Admin\AppData\Local\Temp\nscC5B.tmp\System.dll
    MD5

    fccff8cb7a1067e23fd2e2b63971a8e1

    SHA1

    30e2a9e137c1223a78a0f7b0bf96a1c361976d91

    SHA256

    6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e

    SHA512

    f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c

  • memory/2232-7-0x00000000004D0000-0x00000000004F8000-memory.dmp
    Filesize

    160KB

  • memory/2232-8-0x0000000000000000-mapping.dmp
  • memory/2756-3-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize

    160KB

  • memory/2756-4-0x0000000000416A80-mapping.dmp
  • memory/2756-5-0x0000000000400000-0x0000000000428000-memory.dmp
    Filesize

    160KB