General

  • Target: 4eae634a9b6e574394022e124e7a9adfefbe4dcc3dd8d5045d3b78ad3b11dc08
  • Size: 297KB
  • Sample: 220320-bta7cseae8
  • MD5: 684d0d9dcc183c26475877f3cdc79c16
  • SHA1: b825713bd2251395fa742a037f4eb802152d0263
  • SHA256: 4eae634a9b6e574394022e124e7a9adfefbe4dcc3dd8d5045d3b78ad3b11dc08
  • SHA512: 8416569da8af3c25095f0b5ab2bcb8d2739375fe4ff58d858d6f9508b4fc5a500fb7ff730d1b128f0bfc254f3122bc933b248d78eb24700914d033117515f550

Malware Config

Extracted

  • Family: zloader
  • Botnet: CanadaLoads
  • Campaign: Nerino
  • C2:
    https://monanuslanus.com/bFnF0y1r/7QKpXmV3Pz.php
    https://lericastrongs.com/bFnF0y1r/7QKpXmV3Pz.php
    https://hyllionsudks.com/bFnF0y1r/7QKpXmV3Pz.php
    https://crimewasddef.com/bFnF0y1r/7QKpXmV3Pz.php
    https://derekdsingel.com/bFnF0y1r/7QKpXmV3Pz.php
    https://simplereffiret.com/bFnF0y1r/7QKpXmV3Pz.php
    https://regeerscomba.com/bFnF0y1r/7QKpXmV3Pz.php

Attributes

  • build_id: 77
  • rc4.plain
  • rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.
