Overview

overview

10

Static

static

f32f0d0bb5...49.exe

windows7_x64

10

f32f0d0bb5...49.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949

  • Size

    364KB

  • Sample

    220516-cmk9esaac5

  • MD5

    237dcba926f68d809230a71529172e4c

  • SHA1

    350ef285178655aa95e49b51957ec14d9e36ba78

  • SHA256

    f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949

  • SHA512

    8dd34cf5c04c8d2de31338da1abed2dbb0474f99198330fbe69a5a0f37a3027ccf70ea4d9647447477d1a1d446dfc621ab834b95117b8bcd67ed1cf18f047b30

Score
10/10
zloaderrazrazbotnetsuricatatrojan

Malware Config

Extracted

Family

zloader

Botnet

Raz

Campaign

Raz

C2

http://softwareserviceupdater5.com/web/post.php

Attributes
  • build_id

    35

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949

    • Size

      364KB

    • MD5

      237dcba926f68d809230a71529172e4c

    • SHA1

      350ef285178655aa95e49b51957ec14d9e36ba78

    • SHA256

      f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949

    • SHA512

      8dd34cf5c04c8d2de31338da1abed2dbb0474f99198330fbe69a5a0f37a3027ccf70ea4d9647447477d1a1d446dfc621ab834b95117b8bcd67ed1cf18f047b30

    Score
    10/10
    zloaderrazrazbotnettrojansuricata

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • suricata: ET MALWARE Zbot POST Request to C2

      suricata: ET MALWARE Zbot POST Request to C2

      suricata

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks