zloader | 2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35

Analysis

max time kernel
71s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29-01-2023 20:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35.dll
Size

300KB
MD5

1b7222bcb47d6ac7432f0ec61642b952
SHA1

3b9c2d45fd7813aecd6b40fba0eff184077f7022
SHA256

2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35
SHA512

7e858c83c56abb8747a8ceb2a97019f40af8b26ae417ac0a08711e93ddc186126bcfea684a5a27f1e06c1d016302788adc6ea0c655b844e3557698d1b924e77f
SSDEEP

3072:JdiOeks5zUuN7yoUwMZ1hYSez8OMo1y7Q9WJmm4jmkDAuJMuDzzksWJJQdQVHsWb:JBs5Qir8OMwy8lbJMuD+IoHrZf4PKz

Score

10^/10

zloader nut 09/10 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

09/10

https://1stsecuritysolutions.co.uk/17vfj3.php

https://aplusevents.com.au/elxbmr.php

https://autoescolatopsul.com.br/zsog59.php

https://avecla.es/d3k34t.php

https://triccirohepe.tk/wp-smarts.php

https://botchicoffee.com/fmsbdt.php

https://buddingreport.com/yxewxx.php

Attributes

build_id
163

rc4.plain

rsa_pubkey.plain

Signatures

Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
trojan botnet zloader

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 424 wrote to memory of 4060	424	rundll32.exe	80
PID 424 wrote to memory of 4060	424	rundll32.exe	80
PID 424 wrote to memory of 4060	424	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35.dll,#1
  2⤵
  PID:4060

C:\Windows\SysWOW64\msiexec.exe
msiexec.exe
1⤵
PID:4920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4060-134-0x0000000074C60000-0x0000000074D0A000-memory.dmp

Filesize
680KB

Download
memory/4060-133-0x0000000074C60000-0x0000000074C88000-memory.dmp

Filesize
160KB

Download
memory/4060-135-0x0000000074C60000-0x0000000074D0A000-memory.dmp

Filesize
680KB

Download
memory/4060-136-0x0000000074C60000-0x0000000074D0A000-memory.dmp

Filesize
680KB

Download
memory/4060-139-0x0000000074C60000-0x0000000074D0A000-memory.dmp

Filesize
680KB

Download
memory/4920-138-0x0000000000C40000-0x0000000000C68000-memory.dmp

Filesize
160KB

Download
memory/4920-140-0x0000000000C40000-0x0000000000C68000-memory.dmp

Filesize
160KB

Download
memory/4920-141-0x0000000000C40000-0x0000000000C68000-memory.dmp

Filesize
160KB

Download