Overview

overview

10

Static

static

568b1d18c3...9d.exe

windows7_x64

10

568b1d18c3...9d.exe

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    568b1d18c325b2be411b21a34c0b5a12bfa93201694ca0a2109876007078b99d

  • Size

    525KB

  • Sample

    220524-ryj8tseef7

  • MD5

    0c4e34983b797d71c1398962286a62d0

  • SHA1

    9314f44fc32b0afb38c466781727c8fca2b2f0a9

  • SHA256

    568b1d18c325b2be411b21a34c0b5a12bfa93201694ca0a2109876007078b99d

  • SHA512

    03144ce6410b416f961c7f6e5c9fa4112be54acfcd2ed554837c55aaa07227b09e88bcc09fce44a81f0f85cda06c8a0474ecfd08164c818e189aeb883a277d72

Score
10/10
zloadergoldhub27_mariobotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

goldhub

Campaign

27_mario

C2

https://209711.com/process.php

https://106311.com/out.php

https://124331.com/success.php

https://1646zz.com/api.php
Attributes
  • build_id

    75

rc4.plain

Targets

    • Target

      568b1d18c325b2be411b21a34c0b5a12bfa93201694ca0a2109876007078b99d

    • Size

      525KB

    • MD5

      0c4e34983b797d71c1398962286a62d0

    • SHA1

      9314f44fc32b0afb38c466781727c8fca2b2f0a9

    • SHA256

      568b1d18c325b2be411b21a34c0b5a12bfa93201694ca0a2109876007078b99d

    • SHA512

      03144ce6410b416f961c7f6e5c9fa4112be54acfcd2ed554837c55aaa07227b09e88bcc09fce44a81f0f85cda06c8a0474ecfd08164c818e189aeb883a277d72

    Score
    10/10
    zloadergoldhub27_mariobotnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks