General

  • Target

    logs.php.bin

  • Size

    368KB

  • Sample

    210224-bnwlrbqjt6

  • MD5

    4bf3af70dcbddb2176b0bf611a8f945c

  • SHA1

    59bbd8de9de9f891adb73b4c5711cfb7a3073fa5

  • SHA256

    22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017

  • SHA512

    ff2f75d15d5bfffb2a5cae30e231d2fc1c33adc9fc4b771e1eb5587d4761ebdc2afff3618f218ffa7c020b11f264217916acb2c6114a5752c53dda13af89134f

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

22/02

C2


rc4.plain
rsa_pubkey.plain

Targets


    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first discovered in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks