Overview

overview

10

Static

static

rbs.dll

windows7_x64

10

rbs.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rbs.dll

  • Size

    647KB

  • Sample

    201109-rweb1lsynn

  • MD5

    bc58fbed7d71bf28acea73add0503c02

  • SHA1

    583461aa5b6a39c5a1f969118e1191f70fdf09fe

  • SHA256

    2f93f6e6c2f2c3a9e9e62c976fde8668fe6c99aaba02809217ad5c2e1ac0227a

  • SHA512

    ecf7fcf2441484ad48473cda5797df4c66cdf7b16601b708e1c5069060762f7e9639ffcaf26c55fc41732220498ed1ef98201825fb34782be49d4df18a25218f

Score
10/10
zloaderbot5bot5botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

Targets

    • Target

      rbs.dll

    • Size

      647KB

    • MD5

      bc58fbed7d71bf28acea73add0503c02

    • SHA1

      583461aa5b6a39c5a1f969118e1191f70fdf09fe

    • SHA256

      2f93f6e6c2f2c3a9e9e62c976fde8668fe6c99aaba02809217ad5c2e1ac0227a

    • SHA512

      ecf7fcf2441484ad48473cda5797df4c66cdf7b16601b708e1c5069060762f7e9639ffcaf26c55fc41732220498ed1ef98201825fb34782be49d4df18a25218f

    Score
    10/10
    zloaderbot5bot5botnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks