Overview

overview

10

Static

static

SecuriteIn...83.dll

windows7_x64

10

SecuriteIn...83.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Generic.mg.22c1b894002c6ffd.12583

  • Size

    723KB

  • Sample

    200827-3skv3kjde2

  • MD5

    22c1b894002c6ffd1fdc2a75b48ddcda

  • SHA1

    5037543f108882d6a0d5b1907d125d40e4126e32

  • SHA256

    c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2

  • SHA512

    67fe107a5bf13fa041eed46c4477ced5fd1af826cd6fc7e5b0661f3690d1a1eeeb69973ef9ccb50c13bc38740711ad0070daaa4b23ef49c9f28c164a881c4a67

Score
10/10
zloaderbat1k3bat1k3botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k3

Campaign

bat1k3

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      SecuriteInfo.com.Generic.mg.22c1b894002c6ffd.12583

    • Size

      723KB

    • MD5

      22c1b894002c6ffd1fdc2a75b48ddcda

    • SHA1

      5037543f108882d6a0d5b1907d125d40e4126e32

    • SHA256

      c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2

    • SHA512

      67fe107a5bf13fa041eed46c4477ced5fd1af826cd6fc7e5b0661f3690d1a1eeeb69973ef9ccb50c13bc38740711ad0070daaa4b23ef49c9f28c164a881c4a67

    Score
    10/10
    trojanbotnetzloader

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks