Analysis
-
max time kernel
37s -
max time network
112s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
15-04-2021 19:12
General
-
Target
311c78f93acf71a31e5c05bb20f0eef5.dll
-
Size
666KB
-
MD5
311c78f93acf71a31e5c05bb20f0eef5
-
SHA1
d9618042f78ad4fd5e7c9e20114badf4e0b1b7b7
-
SHA256
ca4a842f5c327aa4372549fc4bf1e6f86956cfddcf423fbaadeba69fd6738c05
-
SHA512
781b64a2da50a94c660e577aad6dd0995ca1895c6b09f32c177d30383e721586ef7f0ae2c1aec8658b89b9b9ae4f1903e39b6bc5f11d554697c64974cec2bcb9
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
nut
Campaign
13/04
C2
https://jiaayanu.com/post.php
https://investinszeklerland.eu/post.php
https://iqs-sac.com/post.php
https://jciems.in/post.php
https://jinnahofficersschool.com/post.php
https://kancagh.com/post.php
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\311c78f93acf71a31e5c05bb20f0eef5.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\311c78f93acf71a31e5c05bb20f0eef5.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1568-114-0x0000000000000000-mapping.dmp
-
memory/1568-115-0x0000000073EB0000-0x0000000073EDB000-memory.dmpFilesize
172KB
-
memory/1568-116-0x0000000073EB0000-0x0000000073F78000-memory.dmpFilesize
800KB
-
memory/1568-117-0x00000000033A0000-0x00000000033A1000-memory.dmpFilesize
4KB