Overview

overview

10

Static

static

f53350e790...36.exe

windows7_x64

10

f53350e790...36.exe

windows10_x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f53350e79061f139201dfe86a38c3c36.exe

  • Size

    165KB

  • Sample

    210813-72xsh9djrx

  • MD5

    f53350e79061f139201dfe86a38c3c36

  • SHA1

    90b00fc5d9a4018df2db6bca54f9a37082053989

  • SHA256

    26b22c0b1b4aab76f6a483ae3aec9f4eface7c7f5aeb546554afdf4ab0d54a6f

  • SHA512

    4576dca186150fbd0c6db080d943a361556f7e6a0bf0abca5c2c3086e2c347b7cf1ba9c9f202be19ec6bff898f02960bb3fc39173f619068910aa1491ac4594e

Score
10/10
zloadervasjavasjabotnetevasionpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

vasja

Campaign

vasja

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      f53350e79061f139201dfe86a38c3c36.exe

    • Size

      165KB

    • MD5

      f53350e79061f139201dfe86a38c3c36

    • SHA1

      90b00fc5d9a4018df2db6bca54f9a37082053989

    • SHA256

      26b22c0b1b4aab76f6a483ae3aec9f4eface7c7f5aeb546554afdf4ab0d54a6f

    • SHA512

      4576dca186150fbd0c6db080d943a361556f7e6a0bf0abca5c2c3086e2c347b7cf1ba9c9f202be19ec6bff898f02960bb3fc39173f619068910aa1491ac4594e

    Score
    10/10
    zloadervasjavasjabotnetpersistencetrojanevasion

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Modifies Windows Firewall

      evasion

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks