zloader | 98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817

Analysis

max time kernel
118s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
24-05-2022 16:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817.dll
Size

615KB
MD5

a5aaec8e6bc64b8166195cc890408686
SHA1

2e0fdf9a5c5ff3833fdcd82e087da7d28252f36a
SHA256

98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817
SHA512

ecbb66caf24e84f8a6d584429d2c3526e373902a85f42e795dc4d61d848f53113c7d8c3ceba8f871a2160a51ef80404d19279bb1ed93ffefcff0e0469155f836

Score

10^/10

zloader spx138 spx138 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

spx138

Campaign

spx138

https://xeemoquo.top/treusparq.php

https://leeephee.top/treusparq.php

https://withifceale.top/treusparq.php

https://wpsnoum.pw/treusparq.php

https://wsaexdig.pw/treusparq.php

Attributes

build_id
10

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 4084	4160	rundll32.exe	19
PID 4160 wrote to memory of 4084	4160	rundll32.exe	19
PID 4160 wrote to memory of 4084	4160	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98bff67b26daf42bc09a7579d8f08ad88a83cdaafed1bc5c7bea8519af3c9817.dll,#1
  2⤵
  PID:4084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4084-132-0x0000000001030000-0x000000000105C000-memory.dmp

Filesize
176KB

Download
memory/4084-131-0x0000000000FA0000-0x0000000000FC9000-memory.dmp

Filesize
164KB

Download