General

  • Target: f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224.zip
  • Size: 284KB
  • Sample: 210302-rxa4gpfd5e
  • MD5: ebed71f793687a1710b80de12de551b8
  • SHA1: 2cc5694e5685c89a44d1dddad794646b7d3d2ff7
  • SHA256: b006f97c04667bc80d4cb61f7836e718e36fdfb964becf4d73770267827946f6
  • SHA512: dc67e2edbc90752368c5d60d42442654a7ac1ad28291c76275772316c671d08cc4dbc5d8da687f8669c9f8d8db615c96e69bac3676289231f69451f24c4f066f

Malware Config

Extracted

  • Family: zloader
  • Botnet: kev
  • Campaign: 11/12
  • C2:
    https://www.businessinsurancelaw.com/wp-punch.php
    https://squire.ae/wp-punch.php
    https://lamun.pk/wp-punch.php
    https://www.rcclabbd.com/wp-punch.php
    https://thecype.com/wp-punch.php
    https://theterteboltallbrow.tk/wp-smarts.php
  • rc4.plain
  • rsa_pubkey.plain

Targets

  • Target: f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224.dll
  • Size: 380KB
  • MD5: e0af3054669d6232870b87e1e239a689
  • SHA1: f0aa6e50471e70d07a1b70207f38538cb31ed569
  • SHA256: f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
  • SHA512: 1574e2aca2415a90677053da5f625d4a9e3bb2e85362cc7acc7b6430a35eb889883da1fda694d79ee38349fee01b5843d0717d864e2d801302755188308d513f

  • Zloader, Terdot, DELoader, ZeusSphinx
    Zloader is a malware strain that was initially discovered back in August 2015.
  • Blocklisted process makes network request
  • Suspicious use of SetThreadContext
