General

  • Target

    SecuriteInfo.com.Win32.DHFF85024D_Mw.32342.29252

  • Size

    615KB

  • Sample

    201109-arlthggnxs

  • MD5

    6194d6d5c247b9cb44fce201d8d9d7f4

  • SHA1

    52318e5ee0869113ef1b0613ece433950a738518

  • SHA256

    f45334733550d1ed6347c469380e55bb731def5c0c535bc81ced5a02f2cbd8ea

  • SHA512

    c1e765f32bdaf14a1315fc2e9f0372f1ef3da15d3212d3fb15972500e2b6f26783a98456fc846babc5853c14c545b73ab328d786887fc3db94ac01f63c6ac564

Malware Config

Extracted

  • Family

    zloader

  • Botnet

    spx138

  • Campaign

    spx138

  • C2

    https://xeemoquo.top/treusparq.php
    https://leeephee.top/treusparq.php
    https://withifceale.top/treusparq.php
    https://wpsnoum.pw/treusparq.php
    https://wsaexdig.pw/treusparq.php

    rc4.plain
    rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first observed in August 2015.

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext
