Overview

overview

10

Static

static

10ec4e9f67...8c.dll

windows7_x64

10

10ec4e9f67...8c.dll

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    10ec4e9f67028d2bf9f5e42cb2918663436e21760a5f1e08950b19ac2745e48c.zip

  • Size

    235KB

  • Sample

    210303-vzrclsyfts

  • MD5

    85a07b3843f76559e9972ceeb8091c89

  • SHA1

    52d4cc2eea53c9fc3bb50519732868111099ba6c

  • SHA256

    4365afc176d3351b932fd109b667523ed6f9cadbbd1681dee3f3ed863f331267

  • SHA512

    66d7433a935317f061f5217ef70b7a261de8f8fca41fd20818e33f8000c088fbc735d7d4eb289b1b257529cee6c23d56456904e9f190ceb6e7689f43083a3268

Score
10/10
zloadernut23/11botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

23/11

C2

https://orangeboxasia.com/wp-smarts.php

https://m3izoglass.ro/wp-smarts.php

https://bayza.ro/up_img_01.php

https://cofetariarodna.ro/errors.php

https://casapintea.ro/logs.php

https://roractaseja.ml/wp-smarts.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      10ec4e9f67028d2bf9f5e42cb2918663436e21760a5f1e08950b19ac2745e48c.dll

    • Size

      344KB

    • MD5

      0358fcd58c56d6cedec03b80c64ff988

    • SHA1

      34816e94bf4cc91c3c8bd6a8c087f6592ab28e96

    • SHA256

      10ec4e9f67028d2bf9f5e42cb2918663436e21760a5f1e08950b19ac2745e48c

    • SHA512

      677e4d1c61cfb19ca47c11d3fbfbc68f546ee5095e89075b76ba9c4b7b42ebe4f920ce0ff6b4174ce33fc87f97c398a757203c406413423751b8caa1d9d2248a

    Score
    10/10
    zloadernut23/11botnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks