General

  • Target

    HEURBackdoor.Win32.Dridex.vhobecacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962

  • Size

    146KB

  • MD5

    d93ca01a4515732a6a54df0a391c93e3

  • SHA1

    ba31585616c3640a434c4c29193f0f89e8306485

  • SHA256

    becacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962

  • SHA512

    3e9c52c04cf37250e8d4e0e3a17cc27e17a1ff19c4935a788b77dafea28bd6ec0a514bdbe4073845c31559652c039f88f811b24020044c0b0e0c47f1cb9ac2e0

  • SSDEEP

    3072:BHIbLRDJ1YGzRXczG9Nw5pwfhcMVd8v86jdbG42UO5LXrMUJKKMEj2Yi:BHcLRDz/czG9Mp2hcGd8vvjFG42PhMal

Malware Config

Extracted

Family

zloader

Botnet

-pit14

Campaign

web7-pit14

C2

https://45.72.3.132/web7643/gate.php

Attributes
  • build_id

    929195383

rc4.plain

Signatures

  • Zloader family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • HEURBackdoor.Win32.Dridex.vhobecacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962
    .exe windows x86

    8dba73fc79b40529ce9d0afaecd2a713


    Headers

    Imports

    Sections