zloader | 44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b

Resubmissions

26-12-2022 13:32

221226-qtbkfsda54 10

04-08-2022 21:18

220804-z5qcesbae2 10

Analysis

max time kernel
32s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
26-12-2022 13:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll
Size

570KB
MD5

3f2036d6638df7dbeeaacd45d52c007b
SHA1

fc747b3049c96afde43d91e6089da7d3865931b9
SHA256

44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b
SHA512

7c48919e37abc7fb927f93b159f1b262e4168785f5f12a3b64f8d09a0c912f0a9af534a3343b5fdcf5b40bc437aa9b7308703d37be6022450733b46f6ccbfc8e
SSDEEP

6144:oUCE98sDXeHfijLo9qLV+yJqG3OOU0qs4wLjqonWpWjaBQY:LCS6HQSmlqGW0EwLtWwe7

Score

10^/10

zloader divader xls_s_2010 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

divader

Campaign

xls_s_2010

https://kochamkkkras.ru/gate.php

https://uookqihwdid.ru/gate.php

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

https://dksaoidiakjd.su/gate.php

https://iweuiqjdakjd.su/gate.php

https://yuidskadjna.su/gate.php

https://olksmadnbdj.su/gate.php

https://odsakmdfnbs.su/gate.php

https://odsakjmdnhsaj.su/gate.php

Attributes

build_id
133

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3156	2988	rundll32.exe	67
PID 2988 wrote to memory of 3156	2988	rundll32.exe	67
PID 2988 wrote to memory of 3156	2988	rundll32.exe	67

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll,#1
  2⤵
  PID:3156
- - C:\Windows\SysWOW64\msiexec.exe
    msiexec.exe
    3⤵
    PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3156-117-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-118-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-119-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-120-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-121-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-122-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-123-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-124-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-125-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-126-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-127-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-128-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-129-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-130-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-132-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-133-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-134-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-135-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-136-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-137-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-131-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-138-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-139-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-140-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-141-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-142-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-143-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-144-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-145-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-146-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-147-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-148-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-149-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-150-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-151-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-152-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-153-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-154-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-155-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-156-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/3156-158-0x0000000003490000-0x00000000034B6000-memory.dmp

Filesize
152KB

Download
memory/3156-157-0x00000000033F0000-0x000000000343B000-memory.dmp

Filesize
300KB

Download
memory/3156-159-0x0000000003490000-0x00000000034B6000-memory.dmp

Filesize
152KB

Download
memory/3156-163-0x0000000003490000-0x00000000034B6000-memory.dmp

Filesize
152KB

Download
memory/5040-160-0x0000000002360000-0x0000000002386000-memory.dmp

Filesize
152KB

Download
memory/5040-162-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-164-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-165-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-166-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-168-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-169-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-171-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-172-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-173-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-174-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-175-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-176-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-177-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-178-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-179-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-180-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-181-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-182-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-183-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-184-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-185-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-186-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-187-0x00000000779D0000-0x0000000077B5E000-memory.dmp

Filesize
1.6MB

Download
memory/5040-215-0x0000000002360000-0x0000000002386000-memory.dmp

Filesize
152KB

Download
memory/5040-240-0x0000000002360000-0x0000000002386000-memory.dmp

Filesize
152KB

Download