zloader | 058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780

Analysis

max time kernel
97s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
17/04/2022, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll
Size

576KB
MD5

8f738a7381504430a708006466b9f065
SHA1

784e1a0840827c287e39ec91b8e5dd8f11ce12ad
SHA256

058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780
SHA512

8abb366e9f2adc46b9b4d58dc2824247bd2a6447c0958bab903d167bfcdd340c94c5281c3de89c476399752b8cfb995e88d685fcae589d467ce3f9dd1020206e

Score

10^/10

zloader kev 21/10 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

21/10

https://jerseysl.online/gjd6vo.php

https://albeeah.co/yfllta.php

https://atipicconcept.ro/wbxpnk.php

https://bellebands.com/mbhtmn.php

https://butterflycalstudio.com/y2qtqq.php

https://camera-experts.com/yxubo7.php

https://proferblinpiacred.tk/wp-smarts.php

Attributes

build_id
176

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 4484	4416	rundll32.exe	78
PID 4416 wrote to memory of 4484	4416	rundll32.exe	78
PID 4416 wrote to memory of 4484	4416	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
  2⤵
  PID:4484

C:\Windows\SysWOW64\msiexec.exe
msiexec.exe
1⤵
PID:2892

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2892-135-0x00000000008B0000-0x00000000008D6000-memory.dmp

Filesize
152KB

Download
memory/2892-136-0x00000000008B0000-0x00000000008D6000-memory.dmp

Filesize
152KB

Download
memory/4484-132-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download
memory/4484-131-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/4484-133-0x0000000010000000-0x000000001009E000-memory.dmp

Filesize
632KB

Download