Resubmissions

10-09-2024 16:21

240910-ttserasepr 10

28-07-2020 23:07

200728-dgaye9ycja 10

General

  • Target

    cYNhXOc.dll

  • Size

    508KB

  • Sample

    240910-ttserasepr

  • MD5

    7bebb1b85a609733df0b3205406723bb

  • SHA1

    384f07648c732cd9490b7d3bff41ce5a0911b138

  • SHA256

    02846dbf25b333625a0720075fb47da62a946e5b0b4f9e9ba14cef514d576b37

  • SHA512

    4147af9ed60d340218deb382374a015a3bb4cc4abc585e833e1a81ba21bf05f485e2a4cfc7b99223e9015ccda993c5ff19693ce7c00fb18701e66cd259422865

  • SSDEEP

    6144:pThNEjn8Y+DbK916qEs+9RE3ZiK8jhUIBJawdcM+G7z7oqlpQYkYXlcYS:Zbg8Y+Db7qEs+MJZChUIBMvZA1kGd

Malware Config

Extracted

Family

zloader

Botnet

july28

Campaign

july28

C2

https://vlcafxbdjtlvlcduwhga.com/web/post.php

https://softwareserviceupdater3.com/web/post.php

https://softwareserviceupdater4.com/web/post.php

Attributes

  • build_id

    20

  • rc4.plain

  • rsa_pubkey.plain

Targets

    • Target

      cYNhXOc.dll

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first discovered in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks