zloader | 76f4db4f373809a4dba455b3370a049295e711f635fa4c070790e1cb907e31a6

Resubmissions

03-08-2023 07:52

230803-jqkwdsca99 10

27-07-2023 11:24

26-12-2022 13:39

26-12-2022 13:39

26-12-2022 13:38

26-12-2022 13:38

Analysis

max time kernel
37s
max time network
149s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
26-12-2022 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll
Size

570KB
MD5

3f2036d6638df7dbeeaacd45d52c007b
SHA1

fc747b3049c96afde43d91e6089da7d3865931b9
SHA256

44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b
SHA512

7c48919e37abc7fb927f93b159f1b262e4168785f5f12a3b64f8d09a0c912f0a9af534a3343b5fdcf5b40bc437aa9b7308703d37be6022450733b46f6ccbfc8e
SSDEEP

6144:oUCE98sDXeHfijLo9qLV+yJqG3OOU0qs4wLjqonWpWjaBQY:LCS6HQSmlqGW0EwLtWwe7

Score

10^/10

zloader divader xls_s_2010 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

divader

Campaign

xls_s_2010

https://kochamkkkras.ru/gate.php

https://uookqihwdid.ru/gate.php

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

https://dksaoidiakjd.su/gate.php

https://iweuiqjdakjd.su/gate.php

https://yuidskadjna.su/gate.php

https://olksmadnbdj.su/gate.php

https://odsakmdfnbs.su/gate.php

https://odsakjmdnhsaj.su/gate.php

Attributes

build_id
133

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3040 wrote to memory of 3472	3040	rundll32.exe	rundll32.exe
PID 3040 wrote to memory of 3472	3040	rundll32.exe	rundll32.exe
PID 3040 wrote to memory of 3472	3040	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ede6e1b9be1c013f13d82645f7a9cff7d92b267778f19b46aa5c1f7fa3c10b.dll,#1
2⤵
PID:3472

C:\Windows\SysWOW64\msiexec.exe
msiexec.exe
3⤵
PID:2524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2524-163-0x0000000000600000-0x0000000000626000-memory.dmp

Filesize
152KB

Download
memory/2524-243-0x0000000000600000-0x0000000000626000-memory.dmp

Filesize
152KB

Download
memory/2524-218-0x0000000000600000-0x0000000000626000-memory.dmp

Filesize
152KB

Download
memory/2524-188-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-190-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-189-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-187-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-186-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-185-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-184-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-183-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-182-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-181-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-180-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-179-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-178-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-177-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-176-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-175-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-174-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-172-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-171-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-165-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-169-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-168-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-167-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/2524-164-0x0000000000000000-mapping.dmp

Download
memory/3472-137-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-141-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-148-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-149-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-150-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-151-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-152-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-153-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-154-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-155-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-156-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-157-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-158-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-159-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-161-0x0000000000BC0000-0x0000000000BE6000-memory.dmp

Filesize
152KB

Download
memory/3472-160-0x0000000000AF0000-0x0000000000B3B000-memory.dmp

Filesize
300KB

Download
memory/3472-162-0x0000000000BC0000-0x0000000000BE6000-memory.dmp

Filesize
152KB

Download
memory/3472-146-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-145-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-166-0x0000000000BC0000-0x0000000000BE6000-memory.dmp

Filesize
152KB

Download
memory/3472-144-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-143-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-142-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-147-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-140-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-139-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-138-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-119-0x0000000000000000-mapping.dmp

Download
memory/3472-136-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-135-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-134-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-133-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-132-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-131-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-130-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-129-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-128-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-127-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-126-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-125-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-124-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-123-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-122-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-121-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download
memory/3472-120-0x0000000077E00000-0x0000000077F8E000-memory.dmp

Filesize
1.6MB

Download