General

  • Target

    spa.dll

  • Size

    303KB

  • Sample

    200625-11g7rldl8a

  • MD5

    f43f52bd2169e602979539ebd3ea3013

  • SHA1

    1fe422d59e004dbddfcd0529cdaa261302672bb9

  • SHA256

    ca1b4e983030b69980269bb1335ba3baad6870024f564495ef99f5b98e4d07d3

  • SHA512

    f938a06da8b78a0afcafba2a1ecabcb4e1484a307170b4b7b6b2d1753c4cf1b455c71e8ad241c51a971898229cb7b751fcd7a5a4f933da59329d6e028f08a6ec

Malware Config

Extracted

Family

zloader

Botnet

id1

Campaign

spam

C2

https://axisbasis.xyz/data.php

Ts72YjsjO5TghE6m

rc4.plain

Targets

    Score
    10/10
    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first discovered in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks