Analysis
-
max time kernel
87s -
max time network
136s -
platform
windows10_x64 -
resource
win10-en -
submitted
14-09-2021 20:18
General
-
Target
314ac0158727ba0bed95d244200e569e5aa9528f4c567c1c2c5cfba542fe545c.dll
-
Size
666KB
-
MD5
dac52df1477fe8b567b656c1da2e876f
-
SHA1
4b020a24c3d68b21b586a531e04d558f04de4f52
-
SHA256
314ac0158727ba0bed95d244200e569e5aa9528f4c567c1c2c5cfba542fe545c
-
SHA512
fb36eb6c6327b8e51cb5230ab5206b2fb327ff440d3e9219535b75b39bd6d03871be7069960120238072a2b0c29ba5716ba8868d02a1fc85b0a62445454cc240
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
nut
Campaign
13/04
C2
https://jiaayanu.com/post.php
https://investinszeklerland.eu/post.php
https://iqs-sac.com/post.php
https://jciems.in/post.php
https://jinnahofficersschool.com/post.php
https://kancagh.com/post.php
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\314ac0158727ba0bed95d244200e569e5aa9528f4c567c1c2c5cfba542fe545c.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\314ac0158727ba0bed95d244200e569e5aa9528f4c567c1c2c5cfba542fe545c.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4736-115-0x0000000000000000-mapping.dmp
-
memory/4736-117-0x0000000074420000-0x00000000744E8000-memory.dmpFilesize
800KB
-
memory/4736-116-0x0000000074420000-0x000000007444B000-memory.dmpFilesize
172KB
-
memory/4736-118-0x00000000027C0000-0x00000000027C1000-memory.dmpFilesize
4KB