Overview

overview

10

Static

static

fe92ba37ac...17.dll

windows7_x64

1

fe92ba37ac...17.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    85s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    19-04-2022 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17.dll

  • Size

    652KB

  • MD5

    3164bff4a716e80bd44e623135f93f82

  • SHA1

    f1b87e225d149464eee3781808dd9ccf293d221b

  • SHA256

    fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17

  • SHA512

    0165f96a030e97160a65a4e75a2663ae0447a0d3990a007a2bc27c510bb836eba127224219dbaa91d728c77e0686d064ea10fb871f74325158d8fb0d88c68da9

Score
10/10
zloaderoctoct23botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

oct

Campaign

oct23

C2

http://wingtonwelbemdon.com/web/post.php

http://donburitimesofindia.com/web/post.php

http://celtictimesofkarishan.com/web/post.php

http://welcometothehotelsoflifes.com/web/post.php

http://wheredidtheelllcctoncsgo.com/web/post.php

http://myworld2002020999.com/web/post.php
Attributes
  • build_id

    68

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4004
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe92ba37ac1124c880983da60dd4b32bc8d82a180c5784bb72f9a0df41950a17.dll,#1
      2⤵
        PID:2996
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:4800

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2996-130-0x0000000000000000-mapping.dmp

        Download

      • memory/2996-132-0x0000000074AD0000-0x0000000074B80000-memory.dmp

        Filesize

        704KB

        Download

      • memory/2996-131-0x0000000074AD0000-0x0000000074AF5000-memory.dmp

        Filesize

        148KB

        Download

      • memory/2996-133-0x0000000074AD0000-0x0000000074B80000-memory.dmp

        Filesize

        704KB

        Download

      • memory/4800-134-0x0000000000000000-mapping.dmp

        Download

      • memory/4800-135-0x0000000000580000-0x00000000005A5000-memory.dmp

        Filesize

        148KB

        Download

      • memory/4800-136-0x0000000000580000-0x00000000005A5000-memory.dmp

        Filesize

        148KB

        Download