Overview

overview

10

Static

static

e6ff434fbb...80.dll

windows7-x64

10

e6ff434fbb...80.dll

windows10-1703-x64

10

e6ff434fbb...80.dll

windows10-2004-x64

10

Resubmissions

26-12-2022 13:28

221226-qqwq8ada46 10

25-11-2022 10:07

221125-l5na6sdb4t 10

Analysis

  • max time kernel
    63s
  • max time network
    65s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26-12-2022 13:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580.dll

  • Size

    274KB

  • MD5

    d046de3d748585f4740f11f44c5e7c31

  • SHA1

    2b04641bd67e7d4bc6170bbd05b33a33dea521da

  • SHA256

    e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580

  • SHA512

    8f5bbdd39a6932b7b30be8736e1d5f7df4d20b894a3396f18daa93b018f7fa0651d3d915d37a13f84359439e23060cd1f9ac12b7c5aeff8f2353b8e0422df6e1

  • SSDEEP

    6144:sq0e5NP+8ZqKMLLnMxOl6sl4IgKW1rYxk4xJS4H1m3tz3qLWYemA:s2Cnj6sYS36aC

Score
10/10
zloaderkev02/02botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

02/02

C2

https://inservitudetothedivine.com/post.php

https://pebbleauto.com/post.php

https://ineenbeaudi.tk/post.php
Attributes
  • build_id

    325

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2100
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580.dll,#1
      2⤵
      • Suspicious use of SetThreadContext
      • Suspicious use of WriteProcessMemory
      PID:1640
      • C:\Windows\SysWOW64\msiexec.exe
        msiexec.exe
        3⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1640-121-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-122-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-123-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-124-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-125-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-126-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-128-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-127-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-130-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-131-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-129-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-132-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-134-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-135-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-137-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-138-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-140-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-141-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-142-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-139-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-136-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-144-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-146-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-148-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-150-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-151-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-152-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-154-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-156-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-155-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-158-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-157-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-153-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-149-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-160-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-162-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-163-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-161-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-159-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-147-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-145-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-143-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-133-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/1640-164-0x0000000010000000-0x0000000012541000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/1640-165-0x0000000004CD0000-0x000000000720B000-memory.dmp

    Filesize

    37.2MB

    Download

  • memory/1640-177-0x0000000010000000-0x0000000012541000-memory.dmp

    Filesize

    37.3MB

    Download

  • memory/4832-166-0x0000000000700000-0x0000000000726000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4832-168-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-169-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-170-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-171-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-173-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-174-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-176-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-178-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-179-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-180-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-181-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-182-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-183-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-184-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-185-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-186-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-187-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-188-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-190-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-189-0x00000000776D0000-0x000000007785E000-memory.dmp

    Filesize

    1.6MB

    Download

  • memory/4832-215-0x0000000000700000-0x0000000000726000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4832-233-0x0000000000700000-0x0000000000726000-memory.dmp

    Filesize

    152KB

    Download