Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows10_x64 -
resource
win10-en-20211014 -
submitted
08-12-2021 12:03
General
-
Target
fyivybu.dll
-
Size
476KB
-
MD5
cc00b3639732518c892f67f5e662c134
-
SHA1
d8ef7b39e9263ee7118ecf427a793cf8909b2e70
-
SHA256
079084e7c1bf1718ae6b10b285da7ed27cb4a48203846b60cecfbec502b666be
-
SHA512
c6b0cf40120fb3d0cacba51209e219317f18e62d342913ef644ca21ec574424869760378e944f2db5891b3b3d637d7f4a6118cea7756ae3daaa18a04e7e7b91f
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
Jho
Campaign
25/03
C2
https://wgyvjbse.pw/milagrecf.php
https://botiq.xyz/milagrecf.php
Attributes
-
build_id
106
rc4.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fyivybu.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fyivybu.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1176-119-0x0000000000660000-0x000000000068E000-memory.dmpFilesize
184KB
-
memory/1176-120-0x0000000000000000-mapping.dmp
-
memory/1176-121-0x0000000000370000-0x0000000000371000-memory.dmpFilesize
4KB
-
memory/1176-122-0x0000000000370000-0x0000000000371000-memory.dmpFilesize
4KB
-
memory/2756-115-0x0000000000000000-mapping.dmp
-
memory/2756-116-0x0000000073930000-0x000000007395E000-memory.dmpFilesize
184KB
-
memory/2756-117-0x0000000073930000-0x00000000739BD000-memory.dmpFilesize
564KB
-
memory/2756-118-0x0000000000940000-0x0000000000A8A000-memory.dmpFilesize
1.3MB