Overview

overview

10

Static

static

84e0da69f0...20.dll

windows7-x64

10

84e0da69f0...20.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    46s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2023 17:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    84e0da69f087625607c97c889e3e640d49e2718c568ad4d463100de44721df20.dll

  • Size

    596KB

  • MD5

    1848710f7840771b98a7479c4ee1a921

  • SHA1

    508964276e7da323de16f6d3f25534c92fc4576d

  • SHA256

    84e0da69f087625607c97c889e3e640d49e2718c568ad4d463100de44721df20

  • SHA512

    78a2ce199be94b637ba3f42b6f0da399dfea93e12dc744c0cebdaae1ba8c81a1a3021ca3e5182605fa670f0e5d047f7a31cc62b1f27976aec4144bbb8434facb

  • SSDEEP

    12288:8L3o6XSk12WACq+6eYuHyAUStUeinhn6:M3o6J12jC5JLHDUAUY

Score
10/10
zloadergoogleaktualizacijagoogleaktualizacija2botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija2

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php
Attributes
  • build_id

    156

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\84e0da69f087625607c97c889e3e640d49e2718c568ad4d463100de44721df20.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:976
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\84e0da69f087625607c97c889e3e640d49e2718c568ad4d463100de44721df20.dll
      2⤵
        PID:1472
        • C:\Windows\SysWOW64\msiexec.exe
          msiexec.exe
          3⤵
            PID:4116

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/1472-133-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1472-134-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1472-135-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/1472-138-0x0000000000400000-0x00000000004A3000-memory.dmp

        Filesize

        652KB

        Download

      • memory/4116-137-0x00000000001C0000-0x00000000001E6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4116-139-0x00000000001C0000-0x00000000001E6000-memory.dmp

        Filesize

        152KB

        Download

      • memory/4116-140-0x00000000001C0000-0x00000000001E6000-memory.dmp

        Filesize

        152KB

        Download