General

  • Target: muadcuy.zip
  • Size: 231KB
  • Sample: 201030-dpcpy891ka
  • MD5: 2adc81667e86d42bb29aeb9ff113b3e2
  • SHA1: 35707c24183582750f204c47ae62dffeee5a26f3
  • SHA256: b8259166630826fd7d8057329d3e0419d0eb37c890a29bbb000a1db73f02fce4
  • SHA512: 6f102aa437c748f74e3caf6ffd2336259bc57db7ae6fe23ed0811cc0aacaead55c5ec9534a7b1a7f9f02f248acdd24b73ac18d02e1c6661ea0b52ac08f83108a

Malware Config

Extracted

  • Family: zloader
  • Botnet: SG
  • Campaign: SG
  • C2:


rc4.plain
rsa_pubkey.plain

Targets

    • Target: muadcuy.exe
    • Size: 343KB
    • MD5: d5afcf6fe67071bc51781701b7f9281a
    • SHA1: 6f1ac3e0a66b11200d323e615acbcb5f2fd8e4ba
    • SHA256: 93951379e57e4f159bb62fd7dd563d1ac2f3f23c80ba89f2da2e395b8a647dcf
    • SHA512: 3c5eac5cd73af63490a61867757c18b7fa971dc48bac3ec5e076c58f5530cb2962106c08f5375fb40038f048067f72e5b5cd2c31e6ad7379767544ec6d01949e

    • Suspicious use of NtCreateUserProcessOtherParentProcess
    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered in August 2015.

    • Loads dropped DLL
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks