Overview

overview

10

Static

static

ca.dll

windows7_x64

10

ca.dll

windows10_x64

10

Analysis

  • max time kernel
    51s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    06-01-2022 10:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca.dll

  • Size

    1.7MB

  • MD5

    ca0376cce08c82a5d4c476c4922c4779

  • SHA1

    99644ab0f8d4dde1eb11b7ff88ebd66b21d73f24

  • SHA256

    f0b6c677bac2de611e0866e849cebd64ec5454885fdd7be5bf0c1c5a17846e3a

  • SHA512

    80ad7465be9cfb1e9eabe46e7218c28ffdb71c75b055b9f196f33ac70c3ec80c1e4e9b9ada03d6e4b49415ad1dcea81b2b343df52851f0c2c528131725405813

Score
10/10
zloaderreturnreturnbotnettrojan

Malware Config

Extracted

Family

zloader

Botnet

return

Campaign

return

C2

https://asdfghdsajkl.com/gate.php

https://lkjhgfgsdshja.com/gate.php

https://kjdhsasghjds.com/gate.php

https://kdjwhqejqwij.com/gate.php

https://iasudjghnasd.com/gate.php

https://daksjuggdhwa.com/gate.php

https://dkisuaggdjhna.com/gate.php

https://eiqwuggejqw.com/gate.php

https://dquggwjhdmq.com/gate.php

https://djshggadasj.com/gate.php
Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca.dll,#1
      2⤵
        PID:2444
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec.exe
          3⤵
            PID:1356

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1356-118-0x0000000000870000-0x0000000000896000-memory.dmp

        Filesize

        152KB

        Download

      • memory/1356-119-0x0000000000000000-mapping.dmp

        Download

      • memory/1356-120-0x0000000000580000-0x0000000000581000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1356-121-0x0000000000580000-0x0000000000581000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1356-122-0x0000000000870000-0x0000000000896000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2444-115-0x0000000000000000-mapping.dmp

        Download

      • memory/2444-116-0x00000000032E0000-0x00000000032E1000-memory.dmp

        Filesize

        4KB

        Download

      • memory/2444-117-0x0000000010000000-0x00000000101C8000-memory.dmp

        Filesize

        1.8MB

        Download