Overview

overview

10

Static

static

yn.dll

windows7_x64

10

yn.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    yn.dll

  • Size

    404KB

  • Sample

    201109-1klh8898yj

  • MD5

    a3d9b510e2e17f4ea08aa9f74b54e6b5

  • SHA1

    78f875eabdca337c3526e52ba324902e7a148ce6

  • SHA256

    a5e798492ba6892a57c79c635679563eceacb6d1efcc38f5dfc0232518861ca8

  • SHA512

    271db785f09d03f33c1931d2482c12ec3a7239125f433caab8c2257c29d7fbd702d9daf1f82c7b5654025a22ee223d92c4140082528ace0412c1b656f0d919c4

Score
10/10
zloadermiguel03/06botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

03/06

C2

https://ticlatchmisrato.tk/wp-parser.php

https://gahotimaskever.ga/wp-parser.php

http://cld.kazgau.com/wp-parser.php

https://cmso.med.cmu.ac.th/wp-parser.php

http://veamor.net/wp-parser.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      yn.dll

    • Size

      404KB

    • MD5

      a3d9b510e2e17f4ea08aa9f74b54e6b5

    • SHA1

      78f875eabdca337c3526e52ba324902e7a148ce6

    • SHA256

      a5e798492ba6892a57c79c635679563eceacb6d1efcc38f5dfc0232518861ca8

    • SHA512

      271db785f09d03f33c1931d2482c12ec3a7239125f433caab8c2257c29d7fbd702d9daf1f82c7b5654025a22ee223d92c4140082528ace0412c1b656f0d919c4

    Score
    10/10
    zloadermiguel03/06botnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks