Overview

overview

10

Static

static

yfuvqe.dll

windows7_x64

10

yfuvqe.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    yfuvqe.dll

  • Size

    389KB

  • Sample

    200812-2qdn69qtce

  • MD5

    93c0cd9a47c5c28335e773c1f451f200

  • SHA1

    0c53b71e52a382f2a920df2d80048b01616c62c4

  • SHA256

    deac9f705c6ddd2795f31b9d55ace3f3de1e20de314b0c20f1a2e90fdf259cb2

  • SHA512

    cf6ae7d6b2ecbb3cbfbd99c067dd7b7b94572991aee00d00fb423acce9edd234a8662e00943873dcbf0931115871356ab57191f8be3b9041a779ce2b02a39223

Score
10/10
zloadermk1mac2botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://alesirovone.world/click.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      yfuvqe.dll

    • Size

      389KB

    • MD5

      93c0cd9a47c5c28335e773c1f451f200

    • SHA1

      0c53b71e52a382f2a920df2d80048b01616c62c4

    • SHA256

      deac9f705c6ddd2795f31b9d55ace3f3de1e20de314b0c20f1a2e90fdf259cb2

    • SHA512

      cf6ae7d6b2ecbb3cbfbd99c067dd7b7b94572991aee00d00fb423acce9edd234a8662e00943873dcbf0931115871356ab57191f8be3b9041a779ce2b02a39223

    Score
    10/10
    trojanbotnetzloader

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks