Overview

overview

10

Static

static

qUDLf.dll

windows7_x64

10

qUDLf.dll

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    qUDLf.dll

  • Size

    300KB

  • Sample

    210310-swgqfnncrx

  • MD5

    35377178edc832c00f9b8f04c961e1fd

  • SHA1

    ca363d13d681ba404101b76acf8bc7ae518c149a

  • SHA256

    8c19669b6ea804b0f3d63a285e115a01084efffc9501c31b0b09d79cadba34e6

  • SHA512

    7bc01e2219fddddb480ba64521002e392eddd17f0f0a43249c5fd13205dde0f8a1e777e23bf266697b70cb077534d672ce81afdbb78a61996174d73fda6c562a

Score
10/10
zloadernut09/03botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

09/03

C2

https://impresosypapeleriaocana.com/post.php

https://anirban24tv.com/post.php

https://geniesoutien.com/post.php

https://artist.capitaldstudio.com/post.php

https://e-anjab.jatimprov.go.id/post.php

https://landmarklive.in/post.php

https://webtvparacatu.com.br/post.php

https://petiteballerina.fi/post.php

https://sasremetgausal.tk/post.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      qUDLf.dll

    • Size

      300KB

    • MD5

      35377178edc832c00f9b8f04c961e1fd

    • SHA1

      ca363d13d681ba404101b76acf8bc7ae518c149a

    • SHA256

      8c19669b6ea804b0f3d63a285e115a01084efffc9501c31b0b09d79cadba34e6

    • SHA512

      7bc01e2219fddddb480ba64521002e392eddd17f0f0a43249c5fd13205dde0f8a1e777e23bf266697b70cb077534d672ce81afdbb78a61996174d73fda6c562a

    Score
    10/10
    zloadernut09/03botnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks