Analysis
-
max time kernel
38s -
max time network
15s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
14-04-2021 07:23
General
-
Target
2SoXN.dll
-
Size
666KB
-
MD5
dac52df1477fe8b567b656c1da2e876f
-
SHA1
4b020a24c3d68b21b586a531e04d558f04de4f52
-
SHA256
314ac0158727ba0bed95d244200e569e5aa9528f4c567c1c2c5cfba542fe545c
-
SHA512
fb36eb6c6327b8e51cb5230ab5206b2fb327ff440d3e9219535b75b39bd6d03871be7069960120238072a2b0c29ba5716ba8868d02a1fc85b0a62445454cc240
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
nut
Campaign
13/04
C2
https://jiaayanu.com/post.php
https://investinszeklerland.eu/post.php
https://iqs-sac.com/post.php
https://jciems.in/post.php
https://jinnahofficersschool.com/post.php
https://kancagh.com/post.php
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2SoXN.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\2SoXN.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2036-60-0x0000000000000000-mapping.dmp
-
memory/2036-61-0x00000000754F1000-0x00000000754F3000-memory.dmpFilesize
8KB
-
memory/2036-63-0x0000000074540000-0x0000000074608000-memory.dmpFilesize
800KB
-
memory/2036-62-0x0000000074540000-0x000000007456B000-memory.dmpFilesize
172KB
-
memory/2036-64-0x0000000000100000-0x0000000000101000-memory.dmpFilesize
4KB