zloader | 0bd3068827cbac643e6d52c0f9106d97f22c5ca5a200e98d4388a6886f670889

Analysis

max time kernel
41s
max time network
106s
platform
windows10_x64
resource
win10v20201028
submitted
02-04-2021 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908.dll
Size

619KB
MD5

87e4b79e02c038bb1dda5e53bd502703
SHA1

fe6083dfea6a0727e6f9ec215fa1bddd6a981b8b
SHA256

270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908
SHA512

7ea3f1645ed8268717f263583255372cc6e151d3f0824e16b0ba7af5fdb1882f97858f7ac9dcc1d585537dd6a12a540878fae9af83b76495c3695487646bba22

Score

10^/10

zloader nut 30/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/03

https://holacast.com/post.php

https://homeloansadvisor.in/post.php

https://hoteldonalala.com.mx/post.php

https://hotimobiliaria.com.br/post.php

https://hrdgschool.com/post.php

https://huloolcreations.com/post.php

https://hyundainhatrang.vn/post.php

https://iaikotasemarang.id/post.php

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 1144 wrote to memory of 2392	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 2392	1144	regsvr32.exe	regsvr32.exe
PID 1144 wrote to memory of 2392	1144	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1144

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\270cbb3393119258ff8db610d8b48556b582c3fcd1bfeca457a6311b5cdf0908.dll
2⤵
PID:2392

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2392-2-0x0000000000000000-mapping.dmp

Download
memory/2392-3-0x00000000738F0000-0x000000007391B000-memory.dmp

Filesize
172KB

Download
memory/2392-4-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download