Overview

overview

10

Static

static

be6c43eb0c...ed.dll

windows7_x64

10

be6c43eb0c...ed.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    154s
  • max time network
    201s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220113
  • submitted
    08-02-2022 22:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed.dll

  • Size

    506KB

  • MD5

    6fc31eeb82459891900975bdf5d7b789

  • SHA1

    5f7717ca5a41d29859327b0341fa8246ec54a936

  • SHA256

    be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed

  • SHA512

    828150dfc6892ab3c6fff0d103aa0b4f4297ce24dabd48354699ad2e6e20ee1dbedc6e8b2bc45a145c91bb8196dd2be6f0a4af382524a04bb8dc0032d2821244

Score
10/10
zloadergoogleaktualizacijagoogleaktualizacija2botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija2

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php
Attributes
  • build_id

    156

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\be6c43eb0c59b6f752d2c237fccb0e91523e50423057ccf0c17121584bdf3fed.dll,#1
      2⤵
        PID:1320
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
      1⤵
        PID:1336

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1320-130-0x0000000000D00000-0x0000000000D4B000-memory.dmp

        Filesize

        300KB

        Download

      • memory/1320-131-0x0000000000D50000-0x0000000000D76000-memory.dmp

        Filesize

        152KB

        Download

      • memory/1336-132-0x000002C718160000-0x000002C718170000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1336-133-0x000002C7188E0000-0x000002C7188F0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1336-134-0x000002C71ADA0000-0x000002C71ADA4000-memory.dmp

        Filesize

        16KB

        Download