zloader | 17a81931620ff1b6df45e02d7c2a5a451f8f19a9fb1717f8473fb284bb9b8f63

Analysis

max time kernel
179s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17-04-2022 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17a81931620ff1b6df45e02d7c2a5a451f8f19a9fb1717f8473fb284bb9b8f63.dll
Size

393KB
MD5

f2a53f0aa423ccd3b60cead07a9ab5b3
SHA1

072729378ab14547d1acfa58a9bd48a86aed9282
SHA256

17a81931620ff1b6df45e02d7c2a5a451f8f19a9fb1717f8473fb284bb9b8f63
SHA512

27634bdb23cbf50a231d5e3dac76c9ff48940366efdc2f69bf9a64c80a2053a8c90efe8ff492da9393ad2ef93b68b6878a73d4eab0cf7c5e1d8fe6d67722dd6b

Score

10^/10

zloader october14 october14 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

october14

Campaign

october14

http://kentyckyderby201000.com/web/post.php

http://deemberkentyucky101.com/web/post.php

http://decemberkentuck102981.com/web/post.php

http://wingtonwelbemdon.com/web/post.php

http://donburitimesofindia.com/web/post.php

http://celtictimesofkarishan.com/web/post.php

Attributes

build_id
59

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1892 wrote to memory of 888	1892	rundll32.exe	78
PID 1892 wrote to memory of 888	1892	rundll32.exe	78
PID 1892 wrote to memory of 888	1892	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17a81931620ff1b6df45e02d7c2a5a451f8f19a9fb1717f8473fb284bb9b8f63.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17a81931620ff1b6df45e02d7c2a5a451f8f19a9fb1717f8473fb284bb9b8f63.dll,#1
  2⤵
  PID:888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/888-132-0x00000000757A0000-0x000000007580C000-memory.dmp

Filesize
432KB

Download
memory/888-131-0x00000000757A0000-0x00000000757C8000-memory.dmp

Filesize
160KB

Download
memory/888-133-0x00000000757A0000-0x000000007580C000-memory.dmp

Filesize
432KB

Download