Overview

overview

10

Static

static

913c6f65e3...fb.dll

windows7_x64

10

913c6f65e3...fb.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    17s
  • max time network
    136s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    18-04-2022 05:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    913c6f65e3cab1756f424fa7c2d81b75ab0726b66d5c301056740821b641adfb.dll

  • Size

    582KB

  • MD5

    c822149db6e41ee020572700b82eff28

  • SHA1

    5c8b4eaac5e209c11fd8ccd6a86b5629d8a04741

  • SHA256

    913c6f65e3cab1756f424fa7c2d81b75ab0726b66d5c301056740821b641adfb

  • SHA512

    eac49b60df3ca9b34d8f5f5117a0c89eac466fd9a6209fab9cd91d34978a687fbae83c72311af2d793d211de81246dd3b515ac78d5213a7aca2064ff15a591ed

Score
10/10
zloadergoogleaktualizacijagoogleaktualizacijabotnettrojan

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija

C2

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

https://dksaoidiakjd.su/gate.php

https://iweuiqjdakjd.su/gate.php

https://yuidskadjna.su/gate.php

https://olksmadnbdj.su/gate.php

https://odsakmdfnbs.su/gate.php

https://odsakjmdnhsaj.su/gate.php

https://odjdnhsaj.su/gate.php

https://odoishsaj.su/gate.php
Attributes
  • build_id

    148

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\913c6f65e3cab1756f424fa7c2d81b75ab0726b66d5c301056740821b641adfb.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1648
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\913c6f65e3cab1756f424fa7c2d81b75ab0726b66d5c301056740821b641adfb.dll,#1
      2⤵
        PID:888
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec.exe
          3⤵
            PID:948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/888-54-0x0000000000000000-mapping.dmp
        Download
      • memory/888-55-0x0000000075D21000-0x0000000075D23000-memory.dmp
        Filesize

        8KB

        Download
      • memory/888-56-0x0000000000160000-0x00000000001AB000-memory.dmp
        Filesize

        300KB

        Download
      • memory/888-57-0x00000000002B0000-0x00000000002D6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/948-60-0x0000000000100000-0x0000000000101000-memory.dmp
        Filesize

        4KB

        Download
      • memory/948-58-0x0000000000090000-0x00000000000B6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/948-61-0x0000000000090000-0x00000000000B6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/948-62-0x0000000000000000-mapping.dmp
        Download
      • memory/948-64-0x0000000000090000-0x00000000000B6000-memory.dmp
        Filesize

        152KB

        Download