General

  • Target: senate.m4a
  • Size: 575KB
  • Sample: 201109-x98lp536tn
  • MD5: 8bdb30d9f3c697d3f12aea9dd3d83a60
  • SHA1: f89fc63457ce4914b5e41ed0b17af0a9e1ac6119
  • SHA256: 3bc843b534c96a38ab8f4b785f902f70dc8ebd48164aa0870562da285c49a9ec
  • SHA512: bc7f688736b607baea107ea20d1e6686aed9619b7f10b81b95a74ac652c09696a83160f603c5b106498643c10c8eb60572ffbdcd23db6c12e68c15d9dec5f905

Malware Config

Extracted

  • Family: zloader
  • Botnet: spx139
  • Campaign: spx139
  • C2:
      https://xeemoquo.top/treusparq.php
      https://leeephee.top/treusparq.php
      https://withifceale.top/treusparq.php
      https://wpsnoum.pw/treusparq.php
      https://wsaexdig.pw/treusparq.php
  • rc4.plain
  • rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx: Zloader is a malware strain first observed in August 2015.
    • Blacklisted process makes network request
    • Suspicious use of SetThreadContext
