Overview

overview

10

Static

static

456750efc3...c3.dll

windows7_x64

1

456750efc3...c3.dll

windows10-2004_x64

10

Analysis

  • max time kernel
    101s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    19-04-2022 04:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll

  • Size

    275KB

  • MD5

    4ec9ed400a8d45b102bcf85de77218c3

  • SHA1

    2d482fb741a7e30f70e6c6a48bfa2d3aff94a82d

  • SHA256

    456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3

  • SHA512

    cd284443049bb5645049989d89803414ab8180759f97388033a8ccfdf165deda5f7efac6102cca9a6a4c147b36b694ba75d5cc46226b7bf234fa808191177a0a

Score
10/10
zloaderkev30/10botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

30/10

C2

https://creditoacumuladoicms.com.br/npnegt.php

https://morgadoent.co.za/fp3jsl.php

https://access-one.us/clkgmw.php

https://amazonuniverse.in/dgxcee.php

https://ntandingsundhosmala.tk/wp-smarts.php
Attributes
  • build_id

    189

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4896
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\456750efc3ddf0cd4593164d18b55287eec0ede2799e753e5883db21dbbef8c3.dll,#1
      2⤵
        PID:3304
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:4728

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3304-130-0x0000000000000000-mapping.dmp
        Download
      • memory/3304-132-0x0000000074EE0000-0x0000000074F81000-memory.dmp
        Filesize

        644KB

        Download
      • memory/3304-131-0x0000000074EE0000-0x0000000074F06000-memory.dmp
        Filesize

        152KB

        Download
      • memory/3304-133-0x0000000074EE0000-0x0000000074F81000-memory.dmp
        Filesize

        644KB

        Download
      • memory/4728-134-0x0000000000000000-mapping.dmp
        Download
      • memory/4728-135-0x00000000001D0000-0x00000000001F6000-memory.dmp
        Filesize

        152KB

        Download
      • memory/4728-136-0x00000000001D0000-0x00000000001F6000-memory.dmp
        Filesize

        152KB

        Download