zloader | 795268d44a8c63129e72dcc0a832bfd20526745c5dc3bfda17eacbd19acc85b8

Analysis

max time kernel
131s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
19/04/2022, 04:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

795268d44a8c63129e72dcc0a832bfd20526745c5dc3bfda17eacbd19acc85b8.dll
Size

277KB
MD5

483dba96a462faa4a9023caa518b0ee4
SHA1

cafb62e91fd58cf4b6d3b5a5bcd41cf89165cc32
SHA256

795268d44a8c63129e72dcc0a832bfd20526745c5dc3bfda17eacbd19acc85b8
SHA512

a20ffd1ad4eef318528efdbc54042fc250ac67e5b59540e916ec6abd902cad0673d055223cb54fea2a35a6db5063381720f0325c5adb7a93df3d9f8f9c55e220

Score

10^/10

zloader nut 30/10 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/10

https://creditoacumuladoicms.com.br/npnegt.php

https://morgadoent.co.za/fp3jsl.php

https://access-one.us/clkgmw.php

https://amazonuniverse.in/dgxcee.php

https://ntandingsundhosmala.tk/wp-smarts.php

Attributes

build_id
188

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4720 wrote to memory of 2508	4720	rundll32.exe	79
PID 4720 wrote to memory of 2508	4720	rundll32.exe	79
PID 4720 wrote to memory of 2508	4720	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\795268d44a8c63129e72dcc0a832bfd20526745c5dc3bfda17eacbd19acc85b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\795268d44a8c63129e72dcc0a832bfd20526745c5dc3bfda17eacbd19acc85b8.dll,#1
  2⤵
  PID:2508

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2508-132-0x0000000074CC0000-0x0000000074CE6000-memory.dmp

Filesize
152KB

Download
memory/2508-133-0x0000000074CC0000-0x0000000074D5E000-memory.dmp

Filesize
632KB

Download
memory/2508-134-0x0000000074CC0000-0x0000000074D5E000-memory.dmp

Filesize
632KB

Download