Overview

overview

10

Static

static

2SoXN.dll

windows7_x64

10

2SoXN.dll

windows10_x64

10

Analysis

  • max time kernel
    148s
  • max time network
    149s
  • platform
    windows7_x64
  • resource
    win7v20210410
  • submitted
    14-04-2021 06:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2SoXN.dll

  • Size

    666KB

  • MD5

    dac52df1477fe8b567b656c1da2e876f

  • SHA1

    4b020a24c3d68b21b586a531e04d558f04de4f52

  • SHA256

    314ac0158727ba0bed95d244200e569e5aa9528f4c567c1c2c5cfba542fe545c

  • SHA512

    fb36eb6c6327b8e51cb5230ab5206b2fb327ff440d3e9219535b75b39bd6d03871be7069960120238072a2b0c29ba5716ba8868d02a1fc85b0a62445454cc240

Score
10/10
zloadernut13/04botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

13/04

C2

https://jiaayanu.com/post.php

https://investinszeklerland.eu/post.php

https://iqs-sac.com/post.php

https://jciems.in/post.php

https://jinnahofficersschool.com/post.php

https://kancagh.com/post.php
rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Blocklisted process makes network request 16 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2SoXN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2SoXN.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:316
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        3⤵
        • Blocklisted process makes network request
        • Suspicious use of AdjustPrivilegeToken
        PID:1068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/316-59-0x0000000000000000-mapping.dmp
    Download
  • memory/316-60-0x0000000076281000-0x0000000076283000-memory.dmp
    Filesize

    8KB

    Download
  • memory/316-62-0x0000000074FB0000-0x0000000075078000-memory.dmp
    Filesize

    800KB

    Download
  • memory/316-61-0x0000000074FB0000-0x0000000074FDB000-memory.dmp
    Filesize

    172KB

    Download
  • memory/316-63-0x0000000000140000-0x0000000000141000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1068-64-0x0000000000000000-mapping.dmp
    Download
  • memory/1068-66-0x0000000000090000-0x00000000000BB000-memory.dmp
    Filesize

    172KB

    Download