Overview

overview

10

Static

static

tim.dll

windows7_x64

10

tim.dll

windows10_x64

10

Resubmissions

12-10-2021 18:50

211012-xhew3adbd2 10

27-09-2021 20:56

210927-zrbbcaabhl 10

14-09-2021 15:35

210914-s1ddqsfhf8 10

Analysis

  • max time kernel
    50s
  • max time network
    183s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    12-10-2021 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tim.dll

  • Size

    429KB

  • MD5

    75784d297b3d6fb4d434b6890f6334ab

  • SHA1

    dc945e57be6bdd3cc4894d6cff7dd90a76f6c416

  • SHA256

    95a8370c36d81ea596d83892115ce6b90717396c8f657b17696c7eeb2dba1d2e

  • SHA512

    f54baffc5b545aaa4d939505181466d7b78bb583fd32da6cbf8cea058fca8869e8bf7bf3272f43d09a7b24dc6e821c9aa0e3875dd2959173e704d57568915fa1

Score
10/10
zloadertimtimbotnettrojan

Malware Config

Extracted

Family

zloader

Botnet

tim

Campaign

tim

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php
rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\tim.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\tim.dll
      2⤵
      • Drops file in Windows directory
      PID:1936
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        3⤵
          PID:1764

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1488-60-0x000007FEFB631000-0x000007FEFB633000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1764-65-0x00000000000E0000-0x0000000000106000-memory.dmp
      Filesize

      152KB

      Download
    • memory/1764-66-0x0000000000090000-0x0000000000091000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1764-67-0x00000000000E0000-0x0000000000106000-memory.dmp
      Filesize

      152KB

      Download
    • memory/1764-68-0x0000000000000000-mapping.dmp
      Download
    • memory/1764-70-0x00000000000E0000-0x0000000000106000-memory.dmp
      Filesize

      152KB

      Download
    • memory/1936-61-0x0000000000000000-mapping.dmp
      Download
    • memory/1936-62-0x0000000075801000-0x0000000075803000-memory.dmp
      Filesize

      8KB

      Download
    • memory/1936-63-0x0000000000180000-0x0000000000181000-memory.dmp
      Filesize

      4KB

      Download
    • memory/1936-64-0x0000000010000000-0x0000000010072000-memory.dmp
      Filesize

      456KB

      Download