Overview

overview

10

Static

static

903c3b246b...10.dll

windows7_x64

10

903c3b246b...10.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010

  • Size

    448KB

  • Sample

    220516-cpqlxsabb8

  • MD5

    8a46f0c4be8a91b533142a112618a885

  • SHA1

    32a765a9a32ec7065087b172607e0f9a8119fc20

  • SHA256

    903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010

  • SHA512

    54a9c56d0b18779fc6d7c54f5b01bdf8cb2d830f7b035de2817950b90c1f363f1ad0a6a46db66fc0470c0e7b5c221d35cbe69752afbfb56560caaa42f06e7e5e

Score
10/10
zloaderbat1k3bat1k3botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k3

Campaign

bat1k3

C2

http://ad123234234.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.info/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.xyz/LKhwojehDgwegSDG/gateJKjdsh.php
Attributes
  • build_id

    29

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010

    • Size

      448KB

    • MD5

      8a46f0c4be8a91b533142a112618a885

    • SHA1

      32a765a9a32ec7065087b172607e0f9a8119fc20

    • SHA256

      903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010

    • SHA512

      54a9c56d0b18779fc6d7c54f5b01bdf8cb2d830f7b035de2817950b90c1f363f1ad0a6a46db66fc0470c0e7b5c221d35cbe69752afbfb56560caaa42f06e7e5e

    Score
    10/10
    zloaderbat1k3bat1k3botnettrojan

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks