Resubmissions

31-10-2020 05:41

201031-a4vqedhr2n 10

General

  • Target

    ZnVmZdD.zip

  • Size

    354KB

  • Sample

    201031-a4vqedhr2n

  • MD5

    6705b8b83b7fb6eaad72f6939640b29f

  • SHA1

    0a3702cb48bb5b491e0d9f78c2fbf4c39565d30d

  • SHA256

    6d63bbc66801b9842d93edb1ebb0bae46a7218dceb83328f27deb5f3ad0f974b

  • SHA512

    7b8bc47007f7bce44276a430de8e56403e1b60cbc2fef15c434b106ae84c3f217dfbf09d876f77cb574eb3be3e74e47d3f2b720439e73237ba7b6749b0061169

Malware Config

Extracted

Family

zloader

Botnet

Apr14

Campaign

Spam

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://ojnxjgfjlftfkkuxxiqd.com/post.php

http://pwkqhdgytsshkoibaake.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fyratyubvflktyyjiqgq.com/post.php

rc4.plain (RC4 key field; the key value is not included in this report)
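An added example, not part of the sandbox report or of any vendor tooling: a small Python script that turns the extracted C2 list and the file hashes in this report into a detection check. The proxy log format (timestamp, client, method, URL, status) and the log lines themselves are constructed for the example; the C2 URLs and SHA256 values are the ones listed above.

```python
"""Turn the extracted zloader config into a detection check.

Added example, not part of the sandbox report. The proxy log format
(timestamp client method url status) and the log lines themselves are
constructed for illustration; the C2 URLs and hashes are those listed in
the report.
"""
import hashlib
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's configuration.
C2_URLS = [
    "http://wmwifbajxxbcxmucxmlc.com/post.php",
    "http://ojnxjgfjlftfkkuxxiqd.com/post.php",
    "http://pwkqhdgytsshkoibaake.com/post.php",
    "http://snnmnkxdhflwgthqismb.com/post.php",
    "http://iawfqecrwohcxnhwtofa.com/post.php",
    "http://nlbmfsyplohyaicmxhum.com/post.php",
    "http://fvqlkgedqjiqgapudkgq.com/post.php",
    "http://cmmxhurildiigqghlryq.com/post.php",
    "http://nmqsmbiabjdnuushksas.com/post.php",
    "http://fyratyubvflktyyjiqgq.com/post.php",
]

# SHA256 of the submitted archive and of the DLL it contains, from the report.
SHA256_IOCS = {
    "6d63bbc66801b9842d93edb1ebb0bae46a7218dceb83328f27deb5f3ad0f974b": "ZnVmZdD.zip",
    "4553d627f2509e19e9b84491c08ec9854d785df4f74e900b969c57ccd244c086": "ZnVmZdD.dll",
}


def c2_domains(urls=C2_URLS):
    """Return the set of C2 hostnames, lower-cased, for exact-host matching."""
    return {urlparse(u).hostname.lower() for u in urls}


def c2_paths(urls=C2_URLS):
    """Return the set of URL paths the C2 list uses (all '/post.php' here)."""
    return {urlparse(u).path for u in urls}


def match_proxy_log(log_text, urls=C2_URLS):
    """Return (timestamp, client, host, method) for lines whose host is a known C2.

    Matching is on the exact hostname, so a look-alike such as
    '<c2-domain>.something.example' does not match, while a case difference
    in the logged host still does.
    """
    domains = c2_domains(urls)
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # constructed format: timestamp client method url status
        ts, client, method, url, _status = parts[:5]
        host = urlparse(url).hostname
        if host and host.lower() in domains:
            hits.append((ts, client, host.lower(), method))
    return hits


def lookup_sha256(data: bytes):
    """Hash a file's bytes; return the report's label if it matches an IOC, else None."""
    digest = hashlib.sha256(data).hexdigest()
    return SHA256_IOCS.get(digest)


# Constructed proxy log lines (not real traffic). Line 3 exercises
# case-insensitive matching; line 4 is a look-alike host that must NOT match.
SAMPLE_PROXY_LOG = """\
2020-10-31T05:42:10Z 10.0.0.12 POST http://snnmnkxdhflwgthqismb.com/post.php 200
2020-10-31T05:42:11Z 10.0.0.12 GET http://www.example.com/index.html 200
2020-10-31T05:42:14Z 10.0.0.40 POST http://FYRATYUBVFLKTYYJIQGQ.com/post.php 404
2020-10-31T05:42:15Z 10.0.0.40 POST http://fyratyubvflktyyjiqgq.com.evil-cdn.example/post.php 200
"""

if __name__ == "__main__":
    for ts, client, host, method in match_proxy_log(SAMPLE_PROXY_LOG):
        print(f"{ts} {client} {method} -> zloader C2 {host}")
```

Matching on the exact hostname rather than a substring avoids false positives from look-alike subdomains, and a 404 from the C2 is still a hit worth alerting on, since the beacon attempt itself is the indicator. Keep both digests in the hash lookup: the submitted zip and the DLL inside it have different SHA256 values, so a scanner that only sees the extracted DLL would miss the archive hash and vice versa.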

Targets

    • Target

      ZnVmZdD.dll

    • Size

      539KB

    • MD5

      a070bb84c2735c67a3f6154dc403f7d0

    • SHA1

      fac8a42c17a0f19760a8596980707278de24556c

    • SHA256

      4553d627f2509e19e9b84491c08ec9854d785df4f74e900b969c57ccd244c086

    • SHA512

      bd32cd6ae1caea1722bf0df36a6952ba9381afcd45423231a761b8df692c3364172ea04637fc9a8a242a1a363931db8248c89024aace5b65383eeabbdcd4f7db

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a Zeus-derived banking trojan first observed in August 2015.

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext (commonly used to redirect a thread's execution during process injection)

MITRE ATT&CK Matrix

Tasks