Overview

overview

10

Static

static

907a644328...38.dll

windows7_x64

10

907a644328...38.dll

windows10_x64

Analysis

  • max time kernel
    39s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    02-03-2021 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    907a644328011c9d50c192e06ef14bf5e6be5f4c3f4dddacfba7ebb8d22d0738.dll

  • Size

    776KB

  • MD5

    89d2e280a893091f2f60099cbaa616ed

  • SHA1

    cca6be054d570ae2b5ebc527b5ceb6e23ac15504

  • SHA256

    907a644328011c9d50c192e06ef14bf5e6be5f4c3f4dddacfba7ebb8d22d0738

  • SHA512

    6f73c20829b42e6a6064cdd97134af8edd78077f175eabf7ed28ff07eafad0c2fd241ec93a3d11075b716e2606b3f8aba40de6f37b83c39d9de3596c6c07e80f

Score
10/10
zloadergoogleaktualizacijagoogleaktualizacija2botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija2

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php
rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\907a644328011c9d50c192e06ef14bf5e6be5f4c3f4dddacfba7ebb8d22d0738.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:792
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\907a644328011c9d50c192e06ef14bf5e6be5f4c3f4dddacfba7ebb8d22d0738.dll,#1
      2⤵
        PID:1920
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec.exe
          3⤵
            PID:1516

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/848-9-0x000007FEF63D0000-0x000007FEF664A000-memory.dmp
        Filesize

        2.5MB

        Download
      • memory/1516-6-0x0000000000000000-mapping.dmp
        Download
      • memory/1516-8-0x00000000000D0000-0x00000000000F6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/1920-2-0x0000000000000000-mapping.dmp
        Download
      • memory/1920-3-0x00000000765E1000-0x00000000765E3000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1920-4-0x0000000001E10000-0x0000000001EBD000-memory.dmp
        Filesize

        692KB

        Download
      • memory/1920-5-0x0000000001C20000-0x0000000001C46000-memory.dmp
        Filesize

        152KB

        Download