Overview

overview

10

Static

static

058ce66e90...80.dll

windows7_x64

1

058ce66e90...80.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    97s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    17-04-2022 14:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll

  • Size

    576KB

  • MD5

    8f738a7381504430a708006466b9f065

  • SHA1

    784e1a0840827c287e39ec91b8e5dd8f11ce12ad

  • SHA256

    058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780

  • SHA512

    8abb366e9f2adc46b9b4d58dc2824247bd2a6447c0958bab903d167bfcdd340c94c5281c3de89c476399752b8cfb995e88d685fcae589d467ce3f9dd1020206e

Score
10/10
zloaderkev21/10botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

21/10

C2

https://jerseysl.online/gjd6vo.php

https://albeeah.co/yfllta.php

https://atipicconcept.ro/wbxpnk.php

https://bellebands.com/mbhtmn.php

https://butterflycalstudio.com/y2qtqq.php

https://camera-experts.com/yxubo7.php

https://proferblinpiacred.tk/wp-smarts.php
Attributes
  • build_id

    176

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4416
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\058ce66e9056d1c480dca60cdd9fd26295d79f43c123d190f86df654b58d3780.dll,#1
      2⤵
        PID:4484
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:2892

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2892-134-0x0000000000000000-mapping.dmp
        Download
      • memory/2892-135-0x00000000008B0000-0x00000000008D6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/2892-136-0x00000000008B0000-0x00000000008D6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/4484-130-0x0000000000000000-mapping.dmp
        Download
      • memory/4484-132-0x0000000010000000-0x000000001009E000-memory.dmp
        Filesize

        632KB

        Download
      • memory/4484-131-0x0000000010000000-0x0000000010026000-memory.dmp
        Filesize

        152KB

        Download
      • memory/4484-133-0x0000000010000000-0x000000001009E000-memory.dmp
        Filesize

        632KB

        Download