Overview

overview

10

Static

static

us.dll

windows7_x64

10

us.dll

windows10_x64

10

Analysis

  • max time kernel
    42s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    06-01-2022 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    us.dll

  • Size

    3.0MB

  • MD5

    840e7d7e597e033a04f9c281f76d7869

  • SHA1

    ce0c0304bf25cdcbf8998a1ee1ed3c29396fab19

  • SHA256

    b4263deb8ede514bf90b1ffeda7087223e11c80c1494b0662230a0cf9d34aa88

  • SHA512

    a6f6894defefb7487d7f125cf6ff77f418d59a0c831890f25d987c790a42df1f021e2694123865bb5b58243929ac5b62220fada7bc23f154c8fa5c0deb32d4ed

Score
10/10
zloader9092us9092usbotnettrojan

Malware Config

Extracted

Family

zloader

Botnet

9092us

Campaign

9092us

C2

https://asdfghdsajkl.com/gate.php

https://lkjhgfgsdshja.com/gate.php

https://kjdhsasghjds.com/gate.php

https://kdjwhqejqwij.com/gate.php

https://iasudjghnasd.com/gate.php

https://daksjuggdhwa.com/gate.php

https://dkisuaggdjhna.com/gate.php

https://eiqwuggejqw.com/gate.php

https://dquggwjhdmq.com/gate.php

https://djshggadasj.com/gate.php
Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\us.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1904
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\us.dll
      2⤵
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2032
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        3⤵
          PID:428

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/428-59-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

      Download

    • memory/428-60-0x00000000000C0000-0x00000000000C1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/428-61-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

      Download

    • memory/428-64-0x0000000000090000-0x00000000000B6000-memory.dmp

      Filesize

      152KB

      Download

    • memory/1904-54-0x000007FEFBE21000-0x000007FEFBE23000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2032-56-0x0000000076731000-0x0000000076733000-memory.dmp

      Filesize

      8KB

      Download

    • memory/2032-57-0x0000000000200000-0x0000000000201000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2032-58-0x0000000010000000-0x0000000010305000-memory.dmp

      Filesize

      3.0MB

      Download