Analysis
-
max time kernel
106s -
max time network
130s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
18-04-2022 15:30
General
-
Target
bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll
-
Size
667KB
-
MD5
21b83a88c298e9c0a3b2a3b5e08825e0
-
SHA1
d34b71691a0cdc8fce8eef97f1c84bfa467a7ac1
-
SHA256
bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14
-
SHA512
34035bca3741a01aacdb026fff43b9160b3dadb67b2ff82646c5c6e930a39b9120b90940e0c64c9947489bb81830230c609e99d04788b71ca4f7c7120ecc0c0c
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
dll26
Campaign
dll26
C2
https://eecakesconf.at/web982/gate.php
Attributes
-
build_id
7
rc4.plain
rsa_pubkey.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0993a3313cbea3ad2edb35657e66574bb88b4a0bd21134a72969b5b8f4be14.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4564-130-0x0000000000000000-mapping.dmp
-
memory/4564-132-0x00000000754E0000-0x0000000075593000-memory.dmpFilesize
716KB
-
memory/4564-131-0x00000000754E0000-0x0000000075506000-memory.dmpFilesize
152KB