Analysis

  • max time kernel: 119s
  • max time network: 159s
  • platform: windows10-2004_x64
  • resource: win10v2004-en-20220112
  • submitted: 06-03-2022 22:54

General

  • Target: 0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7.exe
  • Size: 206KB
  • MD5: 0d33efc831e18fcdf7551ffa38525075
  • SHA1: 4df1d85b6485fa060ca195112b1f866a6799c3a9
  • SHA256: 0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7
  • SHA512: e5082f432043101309c5766b2dcb21c41e89b9691066ccbb08e4863d4d8419343cd5adb952947eafd24f5b20a738df45ecf91b9e1ef192d14d8c922bb9504174

Malware Config

Extracted

  • Family: zloader
  • Botnet: CanadaLoads
  • Campaign: Nerino
  • C2:
    https://monanuslanus.com/bFnF0y1r/7QKpXmV3Pz.php
    https://lericastrongs.com/bFnF0y1r/7QKpXmV3Pz.php
    https://hyllionsudks.com/bFnF0y1r/7QKpXmV3Pz.php
    https://crimewasddef.com/bFnF0y1r/7QKpXmV3Pz.php
    https://derekdsingel.com/bFnF0y1r/7QKpXmV3Pz.php
    https://simplereffiret.com/bFnF0y1r/7QKpXmV3Pz.php
    https://regeerscomba.com/bFnF0y1r/7QKpXmV3Pz.php
  • Attributes:
    • build_id: 77
    • rc4.plain
    • rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

Processes

  • C:\Users\Admin\AppData\Local\Temp\0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\0fe26492c733ffede1ec0d3311fd97d2d78b5ad0812fa6a5b0b1f7b1128c92a7.exe"
    PID: 3440

Network

MITRE ATT&CK Matrix


Downloads

  • memory/3440-130-0x00000000005D2000-0x00000000005E9000-memory.dmp (Filesize: 92KB)
  • memory/3440-131-0x00000000005D2000-0x00000000005E9000-memory.dmp (Filesize: 92KB)
  • memory/3440-132-0x00000000001C0000-0x00000000001E2000-memory.dmp (Filesize: 136KB)
  • memory/3440-133-0x0000000000400000-0x00000000004DE000-memory.dmp (Filesize: 888KB)