Analysis

  • max time kernel
    89s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    27-04-2022 15:26

General

  • Target

    317c75f14d530b9ede2848d70e1bc98b85d37023b5e440471148d90085d233d5.exe

  • Size

    207KB

  • MD5

    625737c7973577108995ca1ec9716941

  • SHA1

    7443adaadffa465a67da70ffc4b30f7a342f8d9c

  • SHA256

    317c75f14d530b9ede2848d70e1bc98b85d37023b5e440471148d90085d233d5

  • SHA512

    8f98f265da1e464f2ed8729df6da9fa8882c6867be8378bc07f0f4eafbd426ae14f3703dd3175e5ef4ca5621e4078b03436cac3b0aee66339f638330791c1a4b

Malware Config

Extracted

Family

zloader

Botnet

CanadaLoads

Campaign

Nerino

C2

https://monanuslanus.com/bFnF0y1r/7QKpXmV3Pz.php

https://lericastrongs.com/bFnF0y1r/7QKpXmV3Pz.php

https://hyllionsudks.com/bFnF0y1r/7QKpXmV3Pz.php

https://crimewasddef.com/bFnF0y1r/7QKpXmV3Pz.php

https://derekdsingel.com/bFnF0y1r/7QKpXmV3Pz.php

https://simplereffiret.com/bFnF0y1r/7QKpXmV3Pz.php

https://regeerscomba.com/bFnF0y1r/7QKpXmV3Pz.php

Attributes
  • build_id

    77

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

Processes

  • C:\Users\Admin\AppData\Local\Temp\317c75f14d530b9ede2848d70e1bc98b85d37023b5e440471148d90085d233d5.exe
    "C:\Users\Admin\AppData\Local\Temp\317c75f14d530b9ede2848d70e1bc98b85d37023b5e440471148d90085d233d5.exe"
    1⤵
      PID:4668

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4668-130-0x00000000004B8000-0x00000000004CF000-memory.dmp
      Filesize

      92KB

    • memory/4668-131-0x00000000021D0000-0x00000000021F2000-memory.dmp
      Filesize

      136KB

    • memory/4668-132-0x0000000000400000-0x000000000048A000-memory.dmp
      Filesize

      552KB