General

  • Target: addc39012bef78e54cb55e815b64c3ff93688e9925554b412a9247179faec943.bin
  • Size: 421KB
  • Sample: 200909-jd2lheqqfe
  • MD5: 0ecf9c3eefec1f74a8530c5e5ca6e830
  • SHA1: 966a5296db721f09dac820506200e7086526c09f
  • SHA256: addc39012bef78e54cb55e815b64c3ff93688e9925554b412a9247179faec943
  • SHA512: b0ffa1ff13850759b98eb68cc9429e9f0e13eccc2ebfb70ad670ab591f8c8b25315247ae7bf3f866cd134a35901eb03e57304beb402af019995a74c78dc66792

Malware Config

Extracted

  • Family: zloader
  • Botnet: vek
  • Campaign: 07/09
  • C2:
    https://hepgul.net/wp-parsing.php
    https://jggourmet.com.br/wp-parsing.php
    https://kokono.vn/wp-parsing.php
    https://lacylisute.cf/wp-parsing.php
    https://liftmais.com.br/wp-parsing.php
    https://lightsourcegp.com/wp-parsing.php
    https://livrosaborbrasil.com/wp-parsing.php
    https://flatetinsirosearch.cf/wp-parsing.php
    https://maiscroche.online/wp-parsing.php
  • rc4.plain
  • rsa_pubkey.plain

Targets

    Score: 10/10

    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Zloader, Terdot, DELoader, ZeusSphinx
      Zloader is a malware strain that was initially discovered back in August 2015.
    • Blacklisted process makes network request
    • Suspicious use of SetThreadContext
