zloader | 9a582f1e0ef2309e249e13f6081358e7e65ce6c9d511a19b71ea1591f0e8dc7b

Analysis

max time kernel
4294136s
max time network
191s
platform
windows7_x64
resource
win7-20220223-en
submitted
07-03-2022 12:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a582f1e0ef2309e249e13f6081358e7e65ce6c9d511a19b71ea1591f0e8dc7b.dll
Size

506KB
MD5

7169f8d61dc89387045e83b141d833cf
SHA1

ab763e20f4d55dd9e8c72ee8478d827473081740
SHA256

9a582f1e0ef2309e249e13f6081358e7e65ce6c9d511a19b71ea1591f0e8dc7b
SHA512

45966a0ac75fe28cd596b1140ab564115a508986a06ca454a4697485ec79ec82ff1d6c640cbdac232ac1a797e7b6c99c141f45a600afe8bcc282b304579050f1

Score

10^/10

zloader googleaktualizacija googleaktualizacija2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes

build_id
156

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27
PID 1076 wrote to memory of 1084	1076	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a582f1e0ef2309e249e13f6081358e7e65ce6c9d511a19b71ea1591f0e8dc7b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a582f1e0ef2309e249e13f6081358e7e65ce6c9d511a19b71ea1591f0e8dc7b.dll,#1
  2⤵
  PID:1084
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe
    3⤵
    PID:112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/112-57-0x0000000000090000-0x00000000000B6000-memory.dmp

Filesize
152KB

Download
memory/112-59-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/112-61-0x0000000000090000-0x00000000000B6000-memory.dmp

Filesize
152KB

Download
memory/112-63-0x0000000000090000-0x00000000000B6000-memory.dmp

Filesize
152KB

Download
memory/1084-54-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download
memory/1084-55-0x0000000000320000-0x000000000036B000-memory.dmp

Filesize
300KB

Download
memory/1084-56-0x0000000000270000-0x0000000000296000-memory.dmp

Filesize
152KB

Download