Overview

overview

10

Static

static

fb55aa4029...f9.dll

windows7_x64

10

fb55aa4029...f9.dll

windows10-2004_x64

8

Resubmissions

08-12-2023 09:57

231208-ly41caae27 10

05-02-2022 07:39

220205-jg3pvahcgr 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9

  • Size

    472KB

  • Sample

    220205-jg3pvahcgr

  • MD5

    1d03a39c5b1f99fc9c33bc4a9811cf0f

  • SHA1

    ede00a9c20689c8c6dc5fa301b46c2a74ebe01af

  • SHA256

    fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9

  • SHA512

    fc3f2d776632fbfb1f3d0c3c32e3e57b818a697a53cc587fef3bc8e15f052573e90fffd493032a28eb7d93db93732efff523d406caf7dc07f733bac1b44fc126

Score
10/10
zloaderapril24mishaapril24mishabotnetpersistencesuricatatrojan

Malware Config

Extracted

Family

zloader

Botnet

April24misha

Campaign

April24misha

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php
Attributes
  • build_id

    122

rc4.plain

Targets

    • Target

      fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9

    • Size

      472KB

    • MD5

      1d03a39c5b1f99fc9c33bc4a9811cf0f

    • SHA1

      ede00a9c20689c8c6dc5fa301b46c2a74ebe01af

    • SHA256

      fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9

    • SHA512

      fc3f2d776632fbfb1f3d0c3c32e3e57b818a697a53cc587fef3bc8e15f052573e90fffd493032a28eb7d93db93732efff523d406caf7dc07f733bac1b44fc126

    Score
    10/10
    zloaderapril24mishaapril24mishabotnetsuricatatrojanpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks