zloader | 6c4e4b3df9dc07fbccc61563533246eed88269a53a95089ccc6bf96b508e15c3

Analysis

max time kernel
41s
max time network
129s
platform
windows10_x64
resource
win10-en-20211208
submitted
27-01-2022 20:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9092.dll
Size

1.2MB
MD5

44c23544f1a62380dbd705594905dd32
SHA1

beab91a74563df8049a894d5a2542dd8843553c2
SHA256

6c4e4b3df9dc07fbccc61563533246eed88269a53a95089ccc6bf96b508e15c3
SHA512

1435cb385746b373215cbced504609de72b71e161a59ab773b11873d54ebfc2fbeb9323342ada25f525cfb2f6dbda19e97c65f0e9bc000b1ef0fc28f9ea28b71

Score

10^/10

zloader 9092us 9092us botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

9092us

Campaign

9092us

https://asdfghdsajkl.com/gate.php

https://lkjhgfgsdshja.com/gate.php

https://kjdhsasghjds.com/gate.php

https://kdjwhqejqwij.com/gate.php

https://iasudjghnasd.com/gate.php

https://daksjuggdhwa.com/gate.php

https://dkisuaggdjhna.com/gate.php

https://eiqwuggejqw.com/gate.php

https://dquggwjhdmq.com/gate.php

https://djshggadasj.com/gate.php

Attributes

build_id
157

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2692	2656	regsvr32.exe	68
PID 2656 wrote to memory of 2692	2656	regsvr32.exe	68
PID 2656 wrote to memory of 2692	2656	regsvr32.exe	68

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\9092.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\9092.dll
  2⤵
  PID:2692
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe
    3⤵
    PID:360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/360-117-0x0000000000500000-0x0000000000526000-memory.dmp

Filesize
152KB

Download
memory/360-120-0x0000000000500000-0x0000000000526000-memory.dmp

Filesize
152KB

Download
memory/2692-115-0x0000000000F30000-0x000000000107A000-memory.dmp

Filesize
1.3MB

Download
memory/2692-116-0x0000000010000000-0x0000000010138000-memory.dmp

Filesize
1.2MB

Download