Overview

overview

10

Static

static

8aa25ae29c...65.dll

windows7_x64

10

8aa25ae29c...65.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065

  • Size

    421KB

  • Sample

    220205-qe488abhdq

  • MD5

    10dd1255825cbde60c665539380e5691

  • SHA1

    425d9f9cb80c6f636c0d762d69bdb9329b0d8d75

  • SHA256

    8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065

  • SHA512

    6b1fe481d69799caa6265a2aaccb1c3ace9b17776b93aec5df3d1f9b5e71c56401fef9df562f1f419b40412ac136e5ce8b08acd7897555d7711a6156dd18837c

Score
10/10
zloaderapril23fixedapril23fixedbotnetsuricatatrojan

Malware Config

Extracted

Family

zloader

Botnet

April23Fixed

Campaign

April23Fixed

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php
Attributes
  • build_id

    120

rc4.plain

Targets

    • Target

      8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065

    • Size

      421KB

    • MD5

      10dd1255825cbde60c665539380e5691

    • SHA1

      425d9f9cb80c6f636c0d762d69bdb9329b0d8d75

    • SHA256

      8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065

    • SHA512

      6b1fe481d69799caa6265a2aaccb1c3ace9b17776b93aec5df3d1f9b5e71c56401fef9df562f1f419b40412ac136e5ce8b08acd7897555d7711a6156dd18837c

    Score
    10/10
    zloaderapril23fixedapril23fixedbotnetsuricatatrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata

    • suricata: ET MALWARE Zbot POST Request to C2

      suricata: ET MALWARE Zbot POST Request to C2

      suricata

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks