Analysis
-
max time kernel
107s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
21-09-2022 07:12
General
-
Target
511dab2388e7a98cc70a8e6abbfe3c47f170c9fc616941a2c05c08b1fc449ef1.dll
-
Size
372KB
-
MD5
70e58943ac83f5d6467e5e173ec66b28
-
SHA1
ab2dd9bb32849fcb4c8be3ca8277c7e3bd89b941
-
SHA256
511dab2388e7a98cc70a8e6abbfe3c47f170c9fc616941a2c05c08b1fc449ef1
-
SHA512
a13926885a211f814a8c3d19f4feda64c73876c1e04e93bd2fffa6ae6e03f100ea415743e8c23810f6402ae3f8d73adb3003defbc12d409656b395c3ebc7a913
-
SSDEEP
6144:tZ9hTPbmQmla02F8iU+7831GRHLjA8rWHzSOcwNTn:XDPb8002F8iU+43ERrjjrCnNz
Score
10/10
Malware Config
Extracted
Family
zloader
Botnet
main
Campaign
10.02.2020
C2
https://fibulu.org/sound.php
https://tarynak.org/sound.php
Attributes
-
build_id
6
rc4.plain
Signatures
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Suspicious use of SetThreadContext 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\511dab2388e7a98cc70a8e6abbfe3c47f170c9fc616941a2c05c08b1fc449ef1.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\511dab2388e7a98cc70a8e6abbfe3c47f170c9fc616941a2c05c08b1fc449ef1.dll,#12⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\msiexec.exemsiexec.exe3⤵
- Adds Run key to start application
- Suspicious use of AdjustPrivilegeToken
-
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152KB
-
Filesize
152KB
-
Filesize
152KB
-
Filesize
380KB
-
Filesize
32KB