Overview

overview

10

Static

static

2c59990304...35.dll

windows7-x64

10

2c59990304...35.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    71s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-01-2023 20:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35.dll

  • Size

    300KB

  • MD5

    1b7222bcb47d6ac7432f0ec61642b952

  • SHA1

    3b9c2d45fd7813aecd6b40fba0eff184077f7022

  • SHA256

    2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35

  • SHA512

    7e858c83c56abb8747a8ceb2a97019f40af8b26ae417ac0a08711e93ddc186126bcfea684a5a27f1e06c1d016302788adc6ea0c655b844e3557698d1b924e77f

  • SSDEEP

    3072:JdiOeks5zUuN7yoUwMZ1hYSez8OMo1y7Q9WJmm4jmkDAuJMuDzzksWJJQdQVHsWb:JBs5Qir8OMwy8lbJMuD+IoHrZf4PKz

Score
10/10
zloadernut09/10botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

09/10

C2

https://1stsecuritysolutions.co.uk/17vfj3.php

https://aplusevents.com.au/elxbmr.php

https://autoescolatopsul.com.br/zsog59.php

https://avecla.es/d3k34t.php

https://triccirohepe.tk/wp-smarts.php

https://botchicoffee.com/fmsbdt.php

https://buddingreport.com/yxewxx.php
Attributes
  • build_id

    163

rc4.plain
rsa_pubkey.plain

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:424
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c599903042c465b6711805474f55548adc42c70634a7a1665d8cab874fdac35.dll,#1
      2⤵
        PID:4060
    • C:\Windows\SysWOW64\msiexec.exe
      msiexec.exe
      1⤵
        PID:4920

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4060-132-0x0000000000000000-mapping.dmp
        Download
      • memory/4060-134-0x0000000074C60000-0x0000000074D0A000-memory.dmp
        Filesize

        680KB

        Download
      • memory/4060-133-0x0000000074C60000-0x0000000074C88000-memory.dmp
        Filesize

        160KB

        Download
      • memory/4060-135-0x0000000074C60000-0x0000000074D0A000-memory.dmp
        Filesize

        680KB

        Download
      • memory/4060-136-0x0000000074C60000-0x0000000074D0A000-memory.dmp
        Filesize

        680KB

        Download
      • memory/4060-139-0x0000000074C60000-0x0000000074D0A000-memory.dmp
        Filesize

        680KB

        Download
      • memory/4920-137-0x0000000000000000-mapping.dmp
        Download
      • memory/4920-138-0x0000000000C40000-0x0000000000C68000-memory.dmp
        Filesize

        160KB

        Download
      • memory/4920-140-0x0000000000C40000-0x0000000000C68000-memory.dmp
        Filesize

        160KB

        Download
      • memory/4920-141-0x0000000000C40000-0x0000000000C68000-memory.dmp
        Filesize

        160KB

        Download