Overview

overview

10

Static

static

e62889be5b...5a.dll

windows7_x64

10

e62889be5b...5a.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

  • Size

    860KB

  • Sample

    220205-km2keahfd3

  • MD5

    bba9ace9dc7cce4cac9439a43fa4c9a0

  • SHA1

    8a66109684bfb149ae5f59adaceb380b040f1afc

  • SHA256

    e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

  • SHA512

    49ab85bd8272bb8e54b93cb899af72cfaf169b0db39ac334d60e2e13daa1c393e6e7e563d308d002b9e9724a51740f6a860176885afcc1473fa9a04587134d82

Score
10/10
zloadermain19.04.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

19.04.2020

C2

https://spardanos.com/sound.php

https://lonehee.com/sound.php

https://surgued.com/sound.php

https://tremood.com/sound.php

https://soceneo.com/sound.php

https://baatiot.com/sound.php

https://welefus.com/sound.php

https://maremeo.com/sound.php
Attributes
  • build_id

    39

rc4.plain

Targets

    • Target

      e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

    • Size

      860KB

    • MD5

      bba9ace9dc7cce4cac9439a43fa4c9a0

    • SHA1

      8a66109684bfb149ae5f59adaceb380b040f1afc

    • SHA256

      e62889be5bf912d37044d83aab08dfa85c7863ec9baeac93e0397e03a407f95a

    • SHA512

      49ab85bd8272bb8e54b93cb899af72cfaf169b0db39ac334d60e2e13daa1c393e6e7e563d308d002b9e9724a51740f6a860176885afcc1473fa9a04587134d82

    Score
    10/10
    zloadermain19.04.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks