General

  • Target

    artifact-7cfa50197b985a73d791e747f381fa35cc8cb3907447eac03998e3929a7153b8.dll

  • Size

    372KB

  • Sample

    210219-g8t2kxnh8e

  • MD5

    10a80344b002ff386d14dabe7850f012

  • SHA1

    cabe72e14348b41003187aa8e328db999f29f682

  • SHA256

    7cfa50197b985a73d791e747f381fa35cc8cb3907447eac03998e3929a7153b8

  • SHA512

    8e6b23d03532b16fab5a7801ce36d25eca3258267daa1221d99c36ce3df8dfe59baf7297b8a93584655e5090369eb2601d9e793b62cc0a1b30e170151f5a1e94

Malware Config

Extracted

  • Family

    zloader

  • Botnet

    vek

  • Campaign

    19/02

  • C2

    https://timemeaning.com/post.php

    https://timeremain.com/post.php

    https://cacesatansingmilk.tk/post.php

    https://tenlapatevaj.tk/post.php

    https://toclylene.tk/post.php

  • Attributes

    rc4.plain

    rsa_pubkey.plain

Targets

    • Target

      artifact-7cfa50197b985a73d791e747f381fa35cc8cb3907447eac03998e3929a7153b8.dll

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks