General

  • Target

    B3.dll

  • Size

    567KB

  • Sample

    200907-ht3nchnw3s

  • MD5

    06758591f9fede42c56ee311988acc4a

  • SHA1

    d1ed2bd42658512faaacbe8d8230d3b542991654

  • SHA256

    6679da77917ddc1ab75c7f05dee0701d172ff0bfc6a7cd92d4c73a66c877a7d8

  • SHA512

    965c4ee025b0a146f4d7f332dc0768fb509389b9317581d97b6b94d003d60cfa9b3afe0dd973962eb5365b325f8a5e4b36482ba90b9dacfe4dfb1a864c05bb85

Malware Config

Extracted

Family

zloader

Botnet

bat1k3

Campaign

bat1k3

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain
rsa_pubkey.plain
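
The five C2 URLs above share one second-level label (as9897234135) and one gate path across five TLDs, which is the useful part for detection: the operator can register the same label under a TLD not in this report, and a listed TLD can be sinkholed, so matching only the five literal hostnames misses both. The script below is an added example, not part of the sandbox report or the Zloader code. It derives hostname, path and label indicators from the extracted config and runs them over constructed Squid native access.log lines (not from the report); the labels and the `second_level_label` heuristic, which assumes a single-label public suffix, are my own choices.

```python
"""Derive network indicators from the extracted Zloader C2 list and run them
over proxy log lines. Added example, not part of the sandbox report."""
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted config above.
C2_URLS = [
    "http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php",
    "http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php",
    "http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php",
    "http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php",
    "http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php",
]


def second_level_label(hostname):
    """Label left of the TLD ('as9897234135' for 'as9897234135.xyz').
    Assumption: single-label public suffix; use a PSL library for .co.uk etc."""
    parts = hostname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def extract_indicators(urls):
    """Split the C2 list into hostnames, gate paths and the shared domain label."""
    hosts, paths, labels = set(), set(), set()
    for url in urls:
        parsed = urlparse(url)
        hosts.add(parsed.hostname.lower())
        paths.add(parsed.path)
        labels.add(second_level_label(parsed.hostname))
    return {"hosts": sorted(hosts), "paths": sorted(paths), "labels": sorted(labels)}


def classify_request(url, indicators):
    """Return 'exact', 'sibling-tld', 'path-only' or None for one requested URL."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if host in indicators["hosts"] and parsed.path in indicators["paths"]:
        return "exact"
    if second_level_label(host) in indicators["labels"]:
        return "sibling-tld"  # same label under a TLD the report does not list
    if parsed.path in indicators["paths"]:
        return "path-only"    # gate path reused on an unlisted host
    return None


def scan_squid_log(lines, indicators):
    """Parse Squid native access.log lines (time elapsed client code/status
    bytes method URL ...) and return (client_ip, method, url, verdict) hits."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        client, method, url = fields[2], fields[5], fields[6]
        verdict = classify_request(url, indicators)
        if verdict:
            hits.append((client, method, url, verdict))
    return hits


# Constructed sample log lines (not from the report) in Squid native format.
SAMPLE_LOG = [
    "1600000001.100 45 10.0.0.5 TCP_MISS/200 512 POST http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php - HIER_DIRECT/203.0.113.10 text/html",
    "1600000002.200 30 10.0.0.5 TCP_MISS/200 480 POST http://as9897234135.top/LKhwojehDgwegSDG/gateJKjdsh.php - HIER_DIRECT/203.0.113.11 text/html",
    "1600000003.300 12 10.0.0.9 TCP_MISS/200 301 POST http://cdn.example.net/LKhwojehDgwegSDG/gateJKjdsh.php - HIER_DIRECT/198.51.100.7 text/html",
    "1600000004.400 8 10.0.0.9 TCP_HIT/200 2048 GET http://www.example.com/index.html - HIER_NONE/- text/html",
]

if __name__ == "__main__":
    ind = extract_indicators(C2_URLS)
    for hit in scan_squid_log(SAMPLE_LOG, ind):
        print(*hit)
```

A 'sibling-tld' or 'path-only' verdict is a lead, not a confirmed infection: confirm it with the POST body (Zloader gate traffic is RC4-encrypted with the key listed as rc4.plain in this config) or with the host-side signatures in the Targets section before acting on it.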

Targets

    • Target

      B3.dll

    • Size

      567KB

    • MD5

      06758591f9fede42c56ee311988acc4a

    • SHA1

      d1ed2bd42658512faaacbe8d8230d3b542991654

    • SHA256

      6679da77917ddc1ab75c7f05dee0701d172ff0bfc6a7cd92d4c73a66c877a7d8

    • SHA512

      965c4ee025b0a146f4d7f332dc0768fb509389b9317581d97b6b94d003d60cfa9b3afe0dd973962eb5365b325f8a5e4b36482ba90b9dacfe4dfb1a864c05bb85

    Score
    10/10
    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a banking trojan derived from the leaked Zeus source; it was first observed in August 2015 and is also tracked as Terdot, DELoader and ZeusSphinx.

    • ServiceHost packer

      Detects ServiceHost packer used for .NET malware

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks