Analysis
-
max time kernel
50s -
max time network
135s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
21-04-2021 13:50
General
-
Target
ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll
-
Size
527KB
-
MD5
9d19acb3d8bc7578715d85c03ff10014
-
SHA1
9e199d963983bf92e3b2f3d08d9b4817af567748
-
SHA256
ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d
-
SHA512
19749d3a7ba8ca043897af061d8f7f8dbe6b6f34df698ccba7b0ac31b57ec5918b7d8d193dd9dd50f072d4ff218c07f6c23eb3f5153451a5774b8c8db3b9ad9c
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
main
Campaign
10.05.2020
C2
https://sigmark.org/sound.php
https://perditta.org/sound.php
https://dentatox.org/sound.php
https://flopperos.org/sound.php
https://teslatis.org/sound.php
https://teamper.org/sound.php
https://gilantec.org/sound.php
https://trebitmore.org/sound.php
rc4.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ccb412870602bd52d4fc05038bba4d958e9766c66bff92d9ce9800dbf901834d.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1036-114-0x0000000000000000-mapping.dmp
-
memory/1036-115-0x0000000000750000-0x000000000089A000-memory.dmpFilesize
1.3MB
-
memory/1036-116-0x00000000008D0000-0x0000000000903000-memory.dmpFilesize
204KB