zloader | 164d36f53bcb5f7a12e35853f30792a8c106488c71b5a2145486b998cfaf804a

Analysis

Target

164d36f53bcb5f7a12e35853f30792a8c106488c71b5a2145486b998cfaf804a.dll
Size

415KB
MD5

dbadd7d0d59eeb30ce5a7eda3f4a3336
SHA1

1e8d76eef202ef2aa6669f8a8e2b1a61b941671e
SHA256

164d36f53bcb5f7a12e35853f30792a8c106488c71b5a2145486b998cfaf804a
SHA512

5cbd1b97ed9a6a6432c5c950b49c9b2abc49f13ee5e53b2c202842084ce46630458692bca5fe4c2208d24fd9ed23be422e365b50ed6fd372a77924283e41a183

Score

10^/10

Family

zloader

Botnet

october

Campaign

october08

http://sept9stuff10.com/web/post.php

http://sept9stuff11.com/web/post.php

Attributes

rc4.plain

rsa_pubkey.plain

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27
PID 1928 wrote to memory of 1620	1928	regsvr32.exe	27

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\164d36f53bcb5f7a12e35853f30792a8c106488c71b5a2145486b998cfaf804a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\164d36f53bcb5f7a12e35853f30792a8c106488c71b5a2145486b998cfaf804a.dll
  2⤵
  PID:1620

memory/1620-56-0x0000000074E91000-0x0000000074E93000-memory.dmp

Filesize
8KB

Download
memory/1620-57-0x00000000745D0000-0x00000000745F8000-memory.dmp

Filesize
160KB

Download
memory/1620-58-0x00000000745D0000-0x0000000074697000-memory.dmp

Filesize
796KB

Download
memory/1620-59-0x00000000745D0000-0x0000000074697000-memory.dmp

Filesize
796KB

Download
memory/1928-54-0x000007FEFBA91000-0x000007FEFBA93000-memory.dmp

Filesize
8KB

Download