Overview

overview

10

Static

static

8921d7db3e...9a.dll

windows7_x64

10

8921d7db3e...9a.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    117s
  • max time network
    164s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-en-20220112
  • submitted
    09-03-2022 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8921d7db3e62f86536acc9c8fcba4cb4107af7a963e99c92a2ff495a35b8589a.dll

  • Size

    392KB

  • MD5

    24e15e38a2292d18fc937508cb3ba270

  • SHA1

    1b300555d9775b777018794a6ad0dee63016c883

  • SHA256

    8921d7db3e62f86536acc9c8fcba4cb4107af7a963e99c92a2ff495a35b8589a

  • SHA512

    093cda577a2a75c2a5b5ad92c2518ae641444c8b4eea1c735fcf680f834003df6cfe1e3f73a1d409e4325431365881a34b5f47546693b0748fad84caaf121806

Score
10/10
zloadernut13/11botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

13/11

C2

https://telkfitness.protekgr.com/errors.php

https://azoltd.myzen.co.uk/errors.php

https://tfbuildingjoinery.co.uk/errors.php

https://moisbridge.co.uk/cp-panel.php

https://mandreskincare.com/wp-smarts.php

https://pousadadosolbuzios.com.br/wp-smarts.php

https://enmasucitessee.tk/wp-smarts.php
Attributes
  • build_id

    234

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\8921d7db3e62f86536acc9c8fcba4cb4107af7a963e99c92a2ff495a35b8589a.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3480
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\8921d7db3e62f86536acc9c8fcba4cb4107af7a963e99c92a2ff495a35b8589a.dll,#1
      2⤵
        PID:3860
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:1764

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1764-134-0x0000000000640000-0x0000000000666000-memory.dmp
        Filesize

        152KB

        Download
      • memory/1764-137-0x0000000000640000-0x0000000000666000-memory.dmp
        Filesize

        152KB

        Download
      • memory/3860-130-0x0000000010000000-0x0000000010026000-memory.dmp
        Filesize

        152KB

        Download
      • memory/3860-131-0x0000000010000000-0x0000000010076000-memory.dmp
        Filesize

        472KB

        Download
      • memory/3860-132-0x0000000010000000-0x0000000010076000-memory.dmp
        Filesize

        472KB

        Download
      • memory/3860-133-0x0000000004D40000-0x0000000004D41000-memory.dmp
        Filesize

        4KB

        Download