General

  • Target

    d56060acb8115119810ae3aca151e94cbe5e2459dd405c8f010ced5a25c8548a.zip

  • Size

    442KB

  • Sample

    210302-ank9mm4e4j

  • MD5

    3590414d424c7b2406769cd32ef4bc66

  • SHA1

    a8b0f7511aac2ae50cc186897c7c6cbf43fe7897

  • SHA256

    0b7ff3ca486901b7aaf844f60419567ee83edcaa0473e54e77b44a97125c496c

  • SHA512

    9994b56c9da36fc86f8f1693dde083d01c92c8f4911cab6db48617f062c116ad4c22160f571dbb8cb9f9ec40c22d9224e15c1ae91f29dca49dc258061a52eea2

Malware Config

Extracted

Family

zloader

Botnet

kiv

Campaign

20/01

C2

https://actes-etatcivil.com/post.php

https://ankarakreatif.com/post.php

https://www.ramazanyildiz.net/post.php

https://hispaniaeng.com/post.php

https://www.ifdd.francophonie.org/post.php

https://tiodeitidampheater.tk/post.php

Extracted key material (file names only; the key contents are not reproduced on this page):

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      d56060acb8115119810ae3aca151e94cbe5e2459dd405c8f010ced5a25c8548a.dll

    • Size

      634KB

    • MD5

      d32908e4d32c94a8781f21ce2626dc13

    • SHA1

      ac4ab65b40593943530368a2b953e5a493e5c31b

    • SHA256

      d56060acb8115119810ae3aca151e94cbe5e2459dd405c8f010ced5a25c8548a

    • SHA512

      53f3f1cc132ea853cfea91b7e4759697aa06f9da8df0f2a8f67544c238cee35f7b68bd377558efe25a3dfce647446876ea175ccc05e61e9b212eafb1746f7f87

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a banking trojan built on the leaked Zeus source code and first observed in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
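The hashes and the six C2 URLs above are the actionable part of this report. The following script turns them into checks a responder can run: verify a recovered file against the listed DLL digests, hunt a proxy log for the C2 hosts and the /post.php check-in path, and emit Suricata rules. This is an added example, not the sandbox's own code; the proxy log format, the sample log lines and the Suricata SID range are assumptions, and the rules use the `tls.sni` sticky buffer and `endswith` keyword of Suricata 5 or later.

```python
"""Operational checks built from the Zloader 'kiv' report above.
Added example; none of this is the sandbox's own code. The proxy log format,
the sample log lines and the Suricata SID range are assumptions."""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the report's extracted config.
C2_URLS = [
    "https://actes-etatcivil.com/post.php",
    "https://ankarakreatif.com/post.php",
    "https://www.ramazanyildiz.net/post.php",
    "https://hispaniaeng.com/post.php",
    "https://www.ifdd.francophonie.org/post.php",
    "https://tiodeitidampheater.tk/post.php",
]

# Hashes of the analysed DLL as listed under Targets.
DLL_HASHES = {
    "md5": "d32908e4d32c94a8781f21ce2626dc13",
    "sha1": "ac4ab65b40593943530368a2b953e5a493e5c31b",
    "sha256": "d56060acb8115119810ae3aca151e94cbe5e2459dd405c8f010ced5a25c8548a",
}

# Constructed proxy log lines (assumed format "<ts> <client> <host> <path>");
# not real traffic.
SAMPLE_LOG = [
    "2021-03-02T10:01:07Z 10.0.0.17 www.example.org /index.html",
    "2021-03-02T10:01:09Z 10.0.0.17 www.ifdd.francophonie.org /post.php",
    "2021-03-02T10:01:12Z 10.0.0.23 ifdd.francophonie.org /fr/",
    "2021-03-02T10:02:40Z 10.0.0.17 tiodeitidampheater.tk /post.php",
]
LOG_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")


def norm_host(host):
    """Lowercase a hostname and drop a leading 'www.' so both forms match."""
    host = host.lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def c2_indicators(urls=C2_URLS):
    """Map each normalised C2 host to the URL path the bot posts to."""
    return {norm_host(urlparse(u).hostname): urlparse(u).path for u in urls}


def hunt_proxy_log(lines, urls=C2_URLS):
    """Return one dict per log line whose host is a C2 host.

    path_match is False when only the host matched: several hosts in this
    config look like compromised legitimate sites, so a visit to another
    path is a weaker signal than a POST to /post.php."""
    ind = c2_indicators(urls)
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the hunt
        _ts, client, host, path = m.groups()
        key = norm_host(host)
        if key in ind:
            hits.append({"client": client, "host": host, "path": path,
                         "path_match": path == ind[key]})
    return hits


def verify_hashes(data, expected=DLL_HASHES):
    """True only if every listed digest matches the given bytes."""
    return all(hashlib.new(alg, data).hexdigest() == digest.lower()
               for alg, digest in expected.items())


def suricata_rules(urls=C2_URLS, base_sid=9000001):
    """One Suricata rule per C2 host, matching the TLS SNI.

    The C2s are HTTPS, so a passive sensor sees the server name but never
    /post.php; the path is only visible behind a TLS-terminating proxy.
    'endswith' also matches subdomains such as www.<host>."""
    rules = []
    for i, host in enumerate(sorted(c2_indicators(urls))):
        rules.append(
            'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"Zloader kiv C2 '
            'TLS SNI %s"; flow:established,to_server; tls.sni; content:"%s"; '
            'nocase; endswith; classtype:trojan-activity; sid:%d; rev:1;)'
            % (host, host, base_sid + i))
    return rules


if __name__ == "__main__":
    for hit in hunt_proxy_log(SAMPLE_LOG):
        print(hit)
    print("\n".join(suricata_rules()))
```

Two points worth keeping in mind when acting on this list. First, hosts such as www.ifdd.francophonie.org are more likely compromised legitimate sites than attacker-registered infrastructure, which is why the hunt reports a bare host match separately from a match on the /post.php path; blocking the whole domain may break legitimate traffic. Second, because every C2 is HTTPS, DNS and TLS SNI are the only network-level artefacts a passive sensor will see, so pair the rules above with DNS logs or a TLS-inspecting proxy if the POST to /post.php itself needs to be confirmed.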

MITRE ATT&CK Matrix

Tasks