zloader | dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844

Analysis

Target

dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844.dll
Size

507KB
MD5

e37ed649a3777bff725e4a0074a9c8e3
SHA1

7a57118ee3122c9bdb45cf7a9b2efd72fe258771
SHA256

dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844
SHA512

62ac3aad9932a3159c02ef66b7da48c7f4d596e936dc67afe8902554cfc3fbab71c21419b95c67617222f06747f96a9906d280a4049c82a2f9bbab769739c569

Score

10^/10

Family

zloader

Botnet

9092us

Campaign

9092us

https://asdfghdsajkl.com/gate.php

https://lkjhgfgsdshja.com/gate.php

https://kjdhsasghjds.com/gate.php

https://kdjwhqejqwij.com/gate.php

https://iasudjghnasd.com/gate.php

https://daksjuggdhwa.com/gate.php

https://dkisuaggdjhna.com/gate.php

https://eiqwuggejqw.com/gate.php

https://dquggwjhdmq.com/gate.php

https://djshggadasj.com/gate.php

Attributes

rc4.plain

rsa_pubkey.plain

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

regsvr32.exe

description	pid	process	target process
PID 2776 wrote to memory of 2808	2776	regsvr32.exe	regsvr32.exe
PID 2776 wrote to memory of 2808	2776	regsvr32.exe	regsvr32.exe
PID 2776 wrote to memory of 2808	2776	regsvr32.exe	regsvr32.exe

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2776

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844.dll
2⤵
PID:2808

memory/824-118-0x00000000023B0000-0x00000000023D6000-memory.dmp

Filesize
152KB

Download
memory/824-119-0x0000000000000000-mapping.dmp

Download
memory/824-120-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/824-121-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/824-122-0x00000000023B0000-0x00000000023D6000-memory.dmp

Filesize
152KB

Download
memory/2808-115-0x0000000000000000-mapping.dmp

Download
memory/2808-116-0x0000000003030000-0x0000000003031000-memory.dmp

Filesize
4KB

Download
memory/2808-117-0x0000000010000000-0x000000001009D000-memory.dmp

Filesize
628KB

Download