General

  • Target

    0166d8e35a3c5b46860fcbfb984ecd34.dll

  • Size

    688KB

  • Sample

    210324-jta5jgt8ls

  • MD5

    0166d8e35a3c5b46860fcbfb984ecd34

  • SHA1

    5b7b902ce566d5a1068150a32376ad27733e9cb8

  • SHA256

    5f39259b8dd0603f1897b262089186a5cb1e299dde76263d1dc5795282a0d82f

  • SHA512

    f03d379afc00563beb9cf367e5b5488a7e088d815805733b9e258e6cf2ad2f868ded68067b581c01ee3a993fee8ce86bcf7081a4aee3176f7cc457afe784e1a9

Malware Config

Extracted

  • Family

    zloader

  • Botnet

    nut

  • Campaign

    24/03

  • C2

    https://electrabeautytools.com/post.php
    https://elexitodelonatural.com/post.php
    https://elmaaref.com/post.php
    https://enrichuae.com/post.php
    https://www.epsilon-me.com/post.php
    https://codilmeosoterti.tk/post.php

  • rc4.plain

  • rsa_pubkey.plain

Targets

    • Target

      0166d8e35a3c5b46860fcbfb984ecd34.dll

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first discovered in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks