General

  • Target

    d7ea78ed27fd9b409d82b101317e7fc3f513efe456de24d62c13d443033e3165

  • Size

    199KB

  • Sample

    220512-cqtpzaagfk

  • MD5

    7366f05f1ae2ac01e37e0e1585471611

  • SHA1

    38fec58363128d9f2722cb0662b30c20740e9685

  • SHA256

    d7ea78ed27fd9b409d82b101317e7fc3f513efe456de24d62c13d443033e3165

  • SHA512

    8af15534ca621210adf23d22da1f859f76fb10a6857e07167f23cb53ebff39c51d0b38fa7caa26c4de76a63f066ca070f0ff30139dd46335fefd6c9ccebd71ad

Malware Config

Extracted

Family

zloader

Botnet

SG

Campaign

SG

C2


Attributes
  • build_id

    107

  • rc4.plain

    e858071ef441a9a66f1a0506fc20b8c3
  • rsa_pubkey.plain


Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks
