Overview

overview

10

Static

static

e10a00a826...03.dll

windows7_x64

10

e10a00a826...03.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e10a00a826c6d33883a97016043dc8f8474f94b2622c7297df03e42020c92803

  • Size

    966KB

  • Sample

    220201-dzkdbsgaaj

  • MD5

    1e7150ba8f30a4a59b58949501c563e6

  • SHA1

    ccf024a8005d7f328a1faf6b2519097faa23e8f7

  • SHA256

    e10a00a826c6d33883a97016043dc8f8474f94b2622c7297df03e42020c92803

  • SHA512

    b7a86b76fb79d39497119e275c39c3f878a63db1d9115acf8a4185b67f6032a5d28430a4c8fd564100918aa2203cad12cfb5bf30eee86b27f66124b478c4af63

Score
10/10
zloadermain20.03.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

20.03.2020

C2

https://postxer.com/sound.php

https://sentspiels.com/sound.php

https://watae.org/sound.php

https://eirry.org/sound.php

https://lotio.org/sound.php

https://smeack.org/sound.php

https://polild.org/sound.php
Attributes
  • build_id

    25

rc4.plain

Targets

    • Target

      e10a00a826c6d33883a97016043dc8f8474f94b2622c7297df03e42020c92803

    • Size

      966KB

    • MD5

      1e7150ba8f30a4a59b58949501c563e6

    • SHA1

      ccf024a8005d7f328a1faf6b2519097faa23e8f7

    • SHA256

      e10a00a826c6d33883a97016043dc8f8474f94b2622c7297df03e42020c92803

    • SHA512

      b7a86b76fb79d39497119e275c39c3f878a63db1d9115acf8a4185b67f6032a5d28430a4c8fd564100918aa2203cad12cfb5bf30eee86b27f66124b478c4af63

    Score
    10/10
    zloadermain20.03.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks