Overview

overview

10

Static

static

0fe26492c7...a7.exe

windows7_x64

10

0fe26492c7...a7.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    4294113s
  • max time network
    166s
  • platform
    windows7_x64
  • resource
    win7-20220223-en
  • submitted
    06-03-2022 22:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7.exe

  • Size

    206KB

  • MD5

    0d33efc831e18fcdf7551ffa38525075

  • SHA1

    4df1d85b6485fa060ca195112b1f866a6799c3a9

  • SHA256

    0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7

  • SHA512

    e5082f432043101309c5766b2dcb21c41e89b9691066ccbb08e4863d4d8419343cd5adb952947eafd24f5b20a738df45ecf91b9e1ef192d14d8c922bb9504174

Score
10/10
zloadercanadaloadsnerinobotnettrojan

Malware Config

Extracted

Family

zloader

Botnet

CanadaLoads

Campaign

Nerino

C2

https://monanuslanus.com/bFnF0y1r/7QKpXmV3Pz.php

https://lericastrongs.com/bFnF0y1r/7QKpXmV3Pz.php

https://hyllionsudks.com/bFnF0y1r/7QKpXmV3Pz.php

https://crimewasddef.com/bFnF0y1r/7QKpXmV3Pz.php

https://derekdsingel.com/bFnF0y1r/7QKpXmV3Pz.php

https://simplereffiret.com/bFnF0y1r/7QKpXmV3Pz.php

https://regeerscomba.com/bFnF0y1r/7QKpXmV3Pz.php
Attributes
  • build_id

    77

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7.exe
    "C:\Users\Admin\AppData\Local\Temp\0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7.exe"
    1⤵
      PID:1600
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        2⤵
          PID:1976

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1600-54-0x0000000000698000-0x00000000006AF000-memory.dmp
        Filesize

        92KB

        Download
      • memory/1600-55-0x0000000000698000-0x00000000006AF000-memory.dmp
        Filesize

        92KB

        Download
      • memory/1600-56-0x0000000000220000-0x0000000000242000-memory.dmp
        Filesize

        136KB

        Download
      • memory/1600-57-0x0000000000400000-0x00000000004DE000-memory.dmp
        Filesize

        888KB

        Download
      • memory/1976-58-0x0000000000100000-0x0000000000126000-memory.dmp
        Filesize

        152KB

        Download
      • memory/1976-60-0x00000000000D0000-0x00000000000D1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/1976-62-0x0000000000100000-0x0000000000126000-memory.dmp
        Filesize

        152KB

        Download
      • memory/1976-63-0x0000000076731000-0x0000000076733000-memory.dmp
        Filesize

        8KB

        Download
      • memory/1976-64-0x0000000000100000-0x0000000000126000-memory.dmp
        Filesize

        152KB

        Download