General

  • Target

    d8U.txt.dll

  • Size

    298KB

  • Sample

    210322-yxp48dw19s

  • MD5

    e32b5a1b18f205db4298a9f18f52457a

  • SHA1

    b29e3ea3d4b32e2d21b1f01f2f571d59676506bf

  • SHA256

    92b61c6ea3254a25ffe182a1fbf53b4e4dc154bfb955c213a4c554b41d1c43a6

  • SHA512

    e6693bee35ea4aa7089bc589a6161560c03eb1a988d90a6ce07ec294fd8c5a8c9a08a3c853b17f1b3043f3ada602a90269761295b1c8e9f907dc32ece03de210

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

22/03

C2

https://svilapp.svgipsar.org/post.php

https://nadar-gis.com/post.php

https://crearqarquitectos.com/post.php

https://crown-sign.com/post.php

https://dainikjahan.com/post.php

https://denatureedutech.com/post.php

https://alekllemtilaro.tk/post.php

rc4.plain
rsa_pubkey.plain
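The indicators above (the four file digests and the post.php gates in the extracted config) are most useful once they are turned into a sweep. The following Python is an added example, not part of the sandbox report or of any Zloader tooling: it digests a file with the four algorithms listed, compares against the reported values, extracts the C2 hostnames, and scans proxy-log lines for POSTs to the listed gates. The log line format and the IP addresses are constructed for the demonstration; the rc4.plain and rsa_pubkey.plain values are not reproduced on the page and are not used here.

```python
import hashlib
import re
from urllib.parse import urlparse

# Digests of d8U.txt.dll exactly as reported on this page.
SAMPLE_HASHES = {
    "md5": "e32b5a1b18f205db4298a9f18f52457a",
    "sha1": "b29e3ea3d4b32e2d21b1f01f2f571d59676506bf",
    "sha256": "92b61c6ea3254a25ffe182a1fbf53b4e4dc154bfb955c213a4c554b41d1c43a6",
    "sha512": "e6693bee35ea4aa7089bc589a6161560c03eb1a988d90a6ce07ec294fd8c5a8c"
              "9a08a3c853b17f1b3043f3ada602a90269761295b1c8e9f907dc32ece03de210",
}

# C2 gates from the extracted config (family zloader, botnet "nut", campaign 22/03).
C2_URLS = [
    "https://svilapp.svgipsar.org/post.php",
    "https://nadar-gis.com/post.php",
    "https://crearqarquitectos.com/post.php",
    "https://crown-sign.com/post.php",
    "https://dainikjahan.com/post.php",
    "https://denatureedutech.com/post.php",
    "https://alekllemtilaro.tk/post.php",
]


def compute_hashes(data: bytes) -> dict:
    """Digest the bytes with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True only when all four digests agree; one mismatch means a different file."""
    digests = compute_hashes(data)
    return all(digests[name] == value for name, value in SAMPLE_HASHES.items())


def c2_hosts(urls=C2_URLS) -> set:
    """Hostnames to block or hunt for in DNS and proxy telemetry."""
    return {urlparse(u).hostname for u in urls}


# Assumed proxy log layout: "<timestamp> <client_ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def find_c2_beacons(log_lines, urls=C2_URLS) -> list:
    """Return (timestamp, client_ip, host) for each POST to a configured gate.

    Matching on host + path instead of the full URL tolerates an http/https
    difference and any query string the loader appends; only POST is flagged
    because the configured gates are post.php check-in endpoints.
    """
    wanted = {(urlparse(u).hostname, urlparse(u).path) for u in urls}
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        parsed = urlparse(m["url"])
        if (parsed.hostname, parsed.path) in wanted:
            hits.append((m["ts"], m["src"], parsed.hostname))
    return hits


# Constructed proxy log lines for the demonstration; not taken from the report.
SAMPLE_LOG = [
    "2021-03-22T10:01:05Z 10.0.0.17 GET https://www.example.com/index.html",
    "2021-03-22T10:01:09Z 10.0.0.17 POST https://nadar-gis.com/post.php",
    "2021-03-22T10:01:12Z 10.0.0.23 GET https://nadar-gis.com/post.php",
    "2021-03-22T10:03:41Z 10.0.0.17 POST https://crown-sign.com/post.php?id=1",
    "2021-03-22T10:04:00Z 10.0.0.31 POST https://crown-sign.com/other.php",
]

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "MATCH" if matches_sample(fh.read()) else "no match")
    print("C2 hosts:", sorted(c2_hosts()))
    for ts, src, host in find_c2_beacons(SAMPLE_LOG):
        print(f"{ts} {src} -> {host}")
```

Run it with one or more file paths to check them against the reported digests; the two constructed beacon lines (10.0.0.17 to nadar-gis.com and crown-sign.com) are the only ones reported, since the GET to the same gate and the POST to a different path on a listed host do not match the host + path pair.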

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a Zeus-derived banking trojan and loader first observed in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
