Resubmissions

04-11-2021 18:29

211104-w4y2dshce3 10

14-10-2021 11:20

211014-nfswgaghek 10

Analysis

  • max time kernel
    150s
  • max time network
    124s
  • platform
    windows10_x64
  • resource
    win10-en-20211014
  • submitted
    04-11-2021 18:29

General

  • Target

    keaqxieb.dll

  • Size

    412KB

  • MD5

    d11eba83d05fe0789e5885558680b31b

  • SHA1

    ebca52bcd828cc94a443b0565670f28de52e93db

  • SHA256

    24ee365c548cb76e0b5a021e0ebaade9f95f9f5a26e4e4b96be5b238eb8f1f5b

  • SHA512

    c125bb8a48464d1e6f3439742d577e1c56ba421e3d8657145bd75baa5a3d725a252e74cf4da97c2a20a6a4e928883943cdc62b95ac25ae9217eed09e9de4b260

Malware Config

Extracted

Family

zloader

Botnet

october

Campaign

october

C2

http://sept9stuff10.com/web/post.php

http://sept9stuff11.com/web/post.php

Attributes
  • build_id

    54

rc4.plain
rsa_pubkey.plain
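The extracted C2 URLs are the most immediately actionable part of this config. The script below is an added example (not tria.ge output or Zloader code): it turns the config above into host and path IOCs and hunts for them in proxy logs. The log format (`timestamp client method url status`) and the log lines themselves are constructed for the example; a real deployment would swap in the organisation's own proxy log parser.

```python
"""Hunt for the extracted Zloader C2 endpoints in web-proxy logs.

Added example. The config values are copied from the report above; the
log format and log lines are constructed for the example.
"""
from urllib.parse import urlsplit

# Config values copied from the sandbox report.
ZLOADER_CONFIG = {
    "family": "zloader",
    "botnet": "october",
    "campaign": "october",
    "build_id": 54,
    "c2": [
        "http://sept9stuff10.com/web/post.php",
        "http://sept9stuff11.com/web/post.php",
    ],
}


def iocs_from_config(config):
    """Return (hosts, paths) derived from the C2 URLs in the config."""
    hosts, paths = set(), set()
    for url in config["c2"]:
        parts = urlsplit(url)
        hosts.add(parts.hostname.lower())
        paths.add(parts.path)
    return hosts, paths


def parse_proxy_line(line):
    """Parse a constructed 'timestamp client method url status' line."""
    fields = line.split()
    if len(fields) != 5:
        return None
    ts, client, method, url, status = fields
    parts = urlsplit(url)
    return {
        "ts": ts,
        "client": client,
        "method": method.upper(),
        "host": (parts.hostname or "").lower(),  # scheme/port/case stripped
        "path": parts.path,
        "status": status,
    }


def hunt(lines, config):
    """Return log records that match the C2 hosts, or the C2 path on another host."""
    hosts, paths = iocs_from_config(config)
    hits = []
    for line in lines:
        rec = parse_proxy_line(line)
        if rec is None:
            continue
        if rec["host"] in hosts:
            # Exact host match: confirmed IOC regardless of scheme, port or path.
            rec["reason"] = "c2_host"
            hits.append(rec)
        elif rec["method"] == "POST" and rec["path"] in paths:
            # Same beacon path on an unknown host: a lead to triage, not a confirmed hit.
            rec["reason"] = "c2_path_only"
            hits.append(rec)
    return hits


SAMPLE_PROXY_LOG = [  # constructed for this example
    "2021-11-04T18:30:01Z 10.0.0.23 GET http://example.com/index.html 200",
    "2021-11-04T18:30:05Z 10.0.0.23 POST http://sept9stuff10.com/web/post.php 200",
    "2021-11-04T18:30:09Z 10.0.0.23 POST https://SEPT9STUFF11.com:8443/web/post.php 503",
    "2021-11-04T18:31:00Z 10.0.0.41 POST http://cdn.example.net/web/post.php 200",
    "2021-11-04T18:31:10Z 10.0.0.41 GET http://sept9stuff10.com.example.org/ 200",
]

if __name__ == "__main__":
    for h in hunt(SAMPLE_PROXY_LOG, ZLOADER_CONFIG):
        print(h["reason"], h["client"], h["host"], h["path"], h["status"])
```

Host matching is exact on the parsed hostname, so a look-alike such as `sept9stuff10.com.example.org` in the last sample line is not flagged, while a request to the same C2 host over HTTPS on a non-standard port still is.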

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain first observed in August 2015.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\keaqxieb.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4056
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\keaqxieb.dll
      2⤵
      PID:3392
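The process tree shows the classic delivery pattern for a DLL-based loader: `regsvr32 /s` silently registering a DLL dropped in the user's Temp directory, and the 64-bit `regsvr32.exe` in `system32` spawning its `SysWOW64` copy with the same arguments (PID 4056 to PID 3392), which is what happens when a 64-bit regsvr32 is handed a 32-bit DLL. The script below is an added detection example (not part of the report): it runs that logic over constructed process-creation events. The event field names (`pid`, `ppid`, `image`, `cmdline`) are an assumption; map them to the EDR or Sysmon schema actually in use.

```python
"""Detect regsvr32 /s loading a DLL from a user-writable Temp directory,
including the system32 -> SysWOW64 regsvr32 hop seen in the process tree.

Added example. Event records are constructed from the tree in the report,
plus one benign event; the field names are an assumption.
"""
import re

# Paths under a user profile's Local\Temp are writable by that user.
USER_WRITABLE = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
REGSVR32_SYSTEM32 = re.compile(r"^c:\\windows\\system32\\regsvr32\.exe$", re.I)
REGSVR32_SYSWOW64 = re.compile(r"^c:\\windows\\syswow64\\regsvr32\.exe$", re.I)


def dll_arg(cmdline):
    """Return the DLL argument of a regsvr32 command line, or None.

    Handles both 'regsvr32 /s <dll>' and the argv-only form '/s <dll>' that
    the SysWOW64 child shows in the tree above; quoted paths are supported.
    """
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    candidates = []
    for i, tok in enumerate(tokens):
        tok = tok.strip('"')
        low = tok.lower()
        if i == 0 and (low == "regsvr32" or low.endswith("regsvr32.exe")):
            continue  # the image name, not an argument
        if tok.startswith(("/", "-")):
            continue  # a switch such as /s, /u, /i
        candidates.append(tok)
    return candidates[0] if candidates else None


def detect(events):
    """Flag regsvr32 events whose DLL lives in a user-writable Temp path."""
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        is_sys32 = REGSVR32_SYSTEM32.match(e["image"]) is not None
        is_wow64 = REGSVR32_SYSWOW64.match(e["image"]) is not None
        if not (is_sys32 or is_wow64):
            continue
        dll = dll_arg(e["cmdline"])
        if dll is None or not USER_WRITABLE.search(dll):
            continue
        silent = "/s" in e["cmdline"].lower().split()
        # Is this the SysWOW64 copy re-spawned by a system32 regsvr32 for the same DLL?
        parent = by_pid.get(e["ppid"])
        parent_dll = dll_arg(parent["cmdline"]) if parent else None
        wow64_hop = (
            is_wow64
            and parent is not None
            and REGSVR32_SYSTEM32.match(parent["image"]) is not None
            and parent_dll is not None
            and parent_dll.lower() == dll.lower()
        )
        findings.append({"pid": e["pid"], "dll": dll, "silent": silent,
                         "wow64_hop": wow64_hop})
    return findings


EVENTS = [  # constructed: the two processes from the report plus one benign event
    {"pid": 4056, "ppid": 1200, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r"regsvr32 /s C:\Users\Admin\AppData\Local\Temp\keaqxieb.dll"},
    {"pid": 3392, "ppid": 4056, "image": r"C:\Windows\SysWOW64\regsvr32.exe",
     "cmdline": r"/s C:\Users\Admin\AppData\Local\Temp\keaqxieb.dll"},
    {"pid": 5100, "ppid": 800, "image": r"C:\Windows\system32\regsvr32.exe",
     "cmdline": r'regsvr32 /s "C:\Program Files\Vendor\vendor.dll"'},
]

if __name__ == "__main__":
    for f in detect(EVENTS):
        print(f)
```

Both regsvr32 processes from the tree are flagged; the benign registration from `Program Files` is not. The `wow64_hop` flag on PID 3392 ties the child back to its parent, which matters because the in-memory artifacts listed further down belong to the SysWOW64 child, not to the process that the user-level command line names.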

Downloads

  • memory/3392-115-0x0000000000000000-mapping.dmp
  • memory/3392-116-0x00000000740E0000-0x0000000074108000-memory.dmp
    Filesize
    160KB
  • memory/3392-117-0x00000000740E0000-0x0000000074159000-memory.dmp
    Filesize
    484KB
  • memory/3392-118-0x0000000000760000-0x00000000008AA000-memory.dmp
    Filesize
    1.3MB
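The artifact names encode the owning PID, a sequence number and the virtual address range that was dumped, so the listed sizes can be checked against the names rather than taken on trust. The script below is an added example (not tria.ge code): it parses the names above into their fields, recomputes each region size and compares it with the reported Filesize. The naming pattern is inferred from these four entries only and is an assumption beyond them.

```python
"""Parse sandbox memory-dump artifact names and verify the reported sizes.

Added example. Artifact names and reported sizes are copied from the
Downloads list above; the name pattern is inferred from those entries.
"""
import re

# memory/<pid>-<seq>-<start>[-<end>]-<memory|mapping>.dmp
DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<seq>\d+)-(?P<start>0x[0-9A-Fa-f]+)"
    r"(?:-(?P<end>0x[0-9A-Fa-f]+))?-(?P<kind>memory|mapping)\.dmp$"
)


def parse_dump_name(name):
    """Split an artifact name into pid, seq, kind, start, end and size (bytes)."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"unrecognised artifact name: {name}")
    start = int(m["start"], 16)
    end = int(m["end"], 16) if m["end"] else None  # mapping dumps carry no range
    return {
        "pid": int(m["pid"]),
        "seq": int(m["seq"]),
        "kind": m["kind"],
        "start": start,
        "end": end,
        "size": (end - start) if end is not None else None,
    }


def human_size(n):
    """Format bytes the way the report does: whole KB, or MB to one decimal."""
    if n >= 1024 * 1024:
        return f"{n / (1024 * 1024):.1f}MB"
    return f"{n // 1024}KB"


ARTIFACTS = {  # names and reported sizes copied from the Downloads list above
    "memory/3392-115-0x0000000000000000-mapping.dmp": None,
    "memory/3392-116-0x00000000740E0000-0x0000000074108000-memory.dmp": "160KB",
    "memory/3392-117-0x00000000740E0000-0x0000000074159000-memory.dmp": "484KB",
    "memory/3392-118-0x0000000000760000-0x00000000008AA000-memory.dmp": "1.3MB",
}


def check_artifacts(artifacts):
    """Return (name, parsed, computed_size, matches_reported) for each artifact."""
    rows = []
    for name, reported in artifacts.items():
        d = parse_dump_name(name)
        computed = human_size(d["size"]) if d["size"] is not None else None
        rows.append((name, d, computed, computed == reported))
    return rows


def regions_by_base(artifacts):
    """Group memory dumps that share a base address: repeated snapshots of one region."""
    groups = {}
    for name in artifacts:
        d = parse_dump_name(name)
        if d["kind"] == "memory":
            groups.setdefault(d["start"], []).append((d["seq"], d["size"]))
    return groups


if __name__ == "__main__":
    for name, d, computed, ok in check_artifacts(ARTIFACTS):
        print(f"{name}: pid={d['pid']} kind={d['kind']} size={computed} ok={ok}")
    for base, snaps in regions_by_base(ARTIFACTS).items():
        print(f"base 0x{base:08X}: {snaps}")
```

All three reported sizes agree with the address ranges (0x28000, 0x79000 and 0x14A000 bytes). Dumps 116 and 117 share the base 0x740E0000 in PID 3392, so they are two snapshots of the same region, the second covering a larger range; dump 118 is a separate region at 0x760000.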