Analysis
-
max time kernel
65s -
max time network
45s -
platform
windows7_x64 -
resource
win7-en-20211208 -
submitted
05-02-2022 14:55
General
-
Target
6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951.dll
-
Size
826KB
-
MD5
9d32cc86f7791185dec921fbc7b3be78
-
SHA1
65764ac0f8cd50d3c0e2d74f789e702a6353c26c
-
SHA256
6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951
-
SHA512
02c2fcd635c87e40161fe83648589281a38e890bdb0e416c301dd8222e26d01792030c3c1d1620af986e45fb822ad08571d571294ba3b3d0e5de4afc9ad33ff7
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
main
Campaign
26.04.2020
C2
https://coult.org/sound.php
https://chorbly.org/sound.php
https://kodray.org/sound.php
https://retualeigh.com/sound.php
https://grually.com/sound.php
https://footmess.com/sound.php
https://rarigussa.com/sound.php
https://pacallse.com/sound.php
Attributes
-
build_id
47
rc4.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6576da1f0d0e8c2d7457c2898d0b8d2d7ad40527c60473910f86da6cf39c0951.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/836-55-0x00000000762C1000-0x00000000762C3000-memory.dmpFilesize
8KB
-
memory/836-56-0x0000000000290000-0x00000000002E1000-memory.dmpFilesize
324KB
-
memory/836-57-0x0000000010000000-0x00000000100D8000-memory.dmpFilesize
864KB