Analysis
-
max time kernel
89s -
max time network
113s -
platform
windows10_x64 -
resource
win10v20210408 -
submitted
09-08-2021 05:07
General
-
Target
c43c3c195e838ef81a36c1434fa7395c.dll
-
Size
952KB
-
MD5
c43c3c195e838ef81a36c1434fa7395c
-
SHA1
c9accdc1204579d13440df22e4892fcc2082dc7c
-
SHA256
24c57cf9a9fd72827ced5f95796cf333089f076c660bf06b5e7d071a4d5fc102
-
SHA512
5ec2613176ddf8ca9ae331823cb7b62d436ea007850e60a9aeeee0bf23c827a2e3c1eb422594bdd3ec4c86f7688d91f3e8a3c6b2435c46078069c53947a1739f
Malware Config
Extracted
zloader
vasja
vasja
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\regsvr32.exeregsvr32 /s C:\Users\Admin\AppData\Local\Temp\c43c3c195e838ef81a36c1434fa7395c.dll1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\regsvr32.exe/s C:\Users\Admin\AppData\Local\Temp\c43c3c195e838ef81a36c1434fa7395c.dll2⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/892-114-0x0000000000000000-mapping.dmp
-
memory/892-115-0x00000000032E0000-0x00000000032E1000-memory.dmpFilesize
4KB
-
memory/892-116-0x0000000010000000-0x0000000010155000-memory.dmpFilesize
1.3MB