Overview

overview

10

Static

static

57dafb880d...52.exe

windows7_x64

10

57dafb880d...52.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    67s
  • max time network
    155s
  • platform
    windows7_x64
  • resource
    win7-20220414-en
  • submitted
    18-04-2022 10:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52.exe

  • Size

    447KB

  • MD5

    83059ecb2b70c5c283938fdb798de541

  • SHA1

    b8b151d34563d8510cbc4607b235edf57c36efaf

  • SHA256

    57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52

  • SHA512

    ed8024d89af1bd4d6da38af44d8466365c666cf1a5c0a5baa02db1c5493888e60618fe0bb3e72c0368b7272e97e1d7447c12aeb9e253437a50bc6977267a834b

Score
10/10
zloaderr1r1botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
Attributes
  • build_id

    125

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

Processes

  • C:\Users\Admin\AppData\Local\Temp\57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52.exe
    "C:\Users\Admin\AppData\Local\Temp\57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52.exe"
    1⤵
      PID:1684
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:948

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/948-58-0x0000000000090000-0x00000000000B8000-memory.dmp
        Filesize

        160KB

        Download
      • memory/948-60-0x00000000000C0000-0x00000000000C1000-memory.dmp
        Filesize

        4KB

        Download
      • memory/948-61-0x0000000000090000-0x00000000000B8000-memory.dmp
        Filesize

        160KB

        Download
      • memory/948-62-0x0000000000000000-mapping.dmp
        Download
      • memory/948-63-0x0000000076431000-0x0000000076433000-memory.dmp
        Filesize

        8KB

        Download
      • memory/948-64-0x0000000000090000-0x00000000000B8000-memory.dmp
        Filesize

        160KB

        Download
      • memory/1684-54-0x00000000023E7000-0x0000000002400000-memory.dmp
        Filesize

        100KB

        Download
      • memory/1684-55-0x00000000023E7000-0x0000000002400000-memory.dmp
        Filesize

        100KB

        Download
      • memory/1684-56-0x00000000002C0000-0x00000000002E5000-memory.dmp
        Filesize

        148KB

        Download
      • memory/1684-57-0x0000000000400000-0x000000000232C000-memory.dmp
        Filesize

        31.2MB

        Download