General

  • Target: bd40fbd6619e2dff958bd5398b0c615921ffd28fe9410e933fe117bca2ed4f9c.zip
  • Size: 283KB
  • Sample: 210226-33s5dd1y92
  • MD5: 015c03cc8b052b09016c25b76d6f0ca0
  • SHA1: 63d9e4477274fd0508ac8ec906fc4e3f9451331e
  • SHA256: 108e95cc87fc770ad5be670adda098b5990245278c6e51e9d9b0c1661551903b
  • SHA512: 7ec732f1598b1c3e44ff7ca1bd73e98d2f9c9de77b573297cd2c9016e025cc36b200b23804d40b6c88e2fe4b40f6767fea6391a4a6d94fddf2b4d188b1a76155

Malware Config

Extracted

  • Family: zloader
  • Botnet: nut
  • Campaign: 22/02

C2


rc4.plain
rsa_pubkey.plain

Targets

    • Target: bd40fbd6619e2dff958bd5398b0c615921ffd28fe9410e933fe117bca2ed4f9c.dll
    • Size: 368KB
    • MD5: 116347dee5de17177b0e19cb2656d94d
    • SHA1: 1bc94b97c99c08ffc1f2849a2dfce60569ddbc71
    • SHA256: bd40fbd6619e2dff958bd5398b0c615921ffd28fe9410e933fe117bca2ed4f9c
    • SHA512: a405bbeb5829045817817ff4e993153e5196642d32cdeca5964d1787a2451a7d39624c293e59de8d0c485ee57a964814c167a68abb19d6f23308ffff6f7e2fdb

    • Zloader, Terdot, DELoader, ZeusSphinx
      Zloader is a malware strain that was initially discovered back in August 2015.
    • Blocklisted process makes network request
    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks