Overview

overview

10

Static

static

270cbb3393...08.dll

windows7_x64

10

270cbb3393...08.dll

windows10_x64

10

Analysis

  • max time kernel
    49s
  • max time network
    13s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    02-04-2021 05:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908.dll

  • Size

    619KB

  • MD5

    87e4b79e02c038bb1dda5e53bd502703

  • SHA1

    fe6083dfea6a0727e6f9ec215fa1bddd6a981b8b

  • SHA256

    270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908

  • SHA512

    7ea3f1645ed8268717f263583255372cc6e151d3f0824e16b0ba7af5fdb1882f97858f7ac9dcc1d585537dd6a12a540878fae9af83b76495c3695487646bba22

Score
10/10
zloadernut30/03botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/03

C2

https://holacast.com/post.php

https://homeloansadvisor.in/post.php

https://hoteldonalala.com.mx/post.php

https://hotimobiliaria.com.br/post.php

https://hrdgschool.com/post.php

https://huloolcreations.com/post.php

https://hyundainhatrang.vn/post.php

https://iaikotasemarang.id/post.php
rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1812
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908.dll
      2⤵
        PID:1340

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1340-3-0x0000000000000000-mapping.dmp

      Download

    • memory/1340-4-0x0000000076241000-0x0000000076243000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1340-5-0x0000000073F40000-0x0000000073F6B000-memory.dmp

      Filesize

      172KB

      Download

    • memory/1340-6-0x0000000000110000-0x0000000000111000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1812-2-0x000007FEFBA41000-0x000007FEFBA43000-memory.dmp

      Filesize

      8KB

      Download