Overview

overview

10

Static

static

10

44ede6e1b9...0b.dll

windows7-x64

10

44ede6e1b9...0b.dll

windows10-1703-x64

10

44ede6e1b9...0b.dll

windows10-2004-x64

10

830700df4f...46.dll

windows7-x64

10

830700df4f...46.dll

windows10-1703-x64

10

830700df4f...46.dll

windows10-2004-x64

10

b89d80ca3f...79.dll

windows7-x64

10

b89d80ca3f...79.dll

windows10-1703-x64

10

b89d80ca3f...79.dll

windows10-2004-x64

10

cad0968f5a...b9.exe

windows7-x64

10

cad0968f5a...b9.exe

windows10-1703-x64

10

cad0968f5a...b9.exe

windows10-2004-x64

10

e3932ab83b...e8.dll

windows7-x64

10

e3932ab83b...e8.dll

windows10-1703-x64

10

e3932ab83b...e8.dll

windows10-2004-x64

10

Resubmissions

03-08-2023 07:52

230803-jqkwdsca99 10

27-07-2023 11:24

230727-nhyvhaec35 10

26-12-2022 13:39

221226-qx588sgb9y 10

26-12-2022 13:39

221226-qx1zhsgb9x 10

26-12-2022 13:38

221226-qxxbbsda57 10

26-12-2022 13:38

221226-qxjp8sda56 10

Analysis

  • max time kernel
    37s
  • max time network
    149s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-en
  • resource tags

    arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26-12-2022 13:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll

  • Size

    570KB

  • MD5

    3f2036d6638df7dbeeaacd45d52c007b

  • SHA1

    fc747b3049c96afde43d91e6089da7d3865931b9

  • SHA256

    44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b

  • SHA512

    7c48919e37abc7fb927f93b159f1b262e4168785f5f12a3b64f8d09a0c912f0a9af534a3343b5fdcf5b40bc437aa9b7308703d37be6022450733b46f6ccbfc8e

  • SSDEEP

    6144:oUCE98sDXeHfijLo9qLV+yJqG3OOU0qs4wLjqonWpWjaBQY:LCS6HQSmlqGW0EwLtWwe7

Score
10/10
zloaderdivaderxls_s_2010botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

divader

Campaign

xls_s_2010

C2

https://kochamkkkras.ru/gate.php

https://uookqihwdid.ru/gate.php

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

https://dksaoidiakjd.su/gate.php

https://iweuiqjdakjd.su/gate.php

https://yuidskadjna.su/gate.php

https://olksmadnbdj.su/gate.php

https://odsakmdfnbs.su/gate.php

https://odsakjmdnhsaj.su/gate.php
Attributes
  • build_id

    133

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3040
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll,#1
      2⤵
        PID:3472
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec.exe
          3⤵
            PID:2524

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2524-163-0x0000000000600000-0x0000000000626000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2524-243-0x0000000000600000-0x0000000000626000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2524-218-0x0000000000600000-0x0000000000626000-memory.dmp

        Filesize

        152KB

        Download

      • memory/2524-188-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-190-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-189-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-187-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-186-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-185-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-184-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-183-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-182-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-181-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-180-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-179-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-178-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-177-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-176-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-175-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-174-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-172-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-171-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-165-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-169-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-168-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/2524-167-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-137-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-141-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-148-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-149-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-150-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-151-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-152-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-153-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-154-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-155-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-156-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-157-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-158-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-159-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-161-0x0000000000BC0000-0x0000000000BE6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/3472-160-0x0000000000AF0000-0x0000000000B3B000-memory.dmp

        Filesize

        300KB

        Download

      • memory/3472-162-0x0000000000BC0000-0x0000000000BE6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/3472-146-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-145-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-166-0x0000000000BC0000-0x0000000000BE6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/3472-144-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-143-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-142-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-147-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-140-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-139-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-138-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-136-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-135-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-134-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-133-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-132-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-131-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-130-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-129-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-128-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-127-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-126-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-125-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-124-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-123-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-122-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-121-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download

      • memory/3472-120-0x0000000077E00000-0x0000000077F8E000-memory.dmp

        Filesize

        1.6MB

        Download