Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

00272dd639...c2.dll

windows7-x64

10

00272dd639...c2.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    malbuster_4.zip

  • Size

    151KB

  • Sample

    250311-nyjqhs1qw5

  • MD5

    57b846fac99ca0b4e08996a2826a7ecc

  • SHA1

    da0086bb4e01e15c088e385c9840532a9ef0ce09

  • SHA256

    df1005f62c74e1f8272eae5073eb0dbffa5fefcb39ce1c78a40ca33b3b888c0d

  • SHA512

    2790f548b3f375ecce307e272e0e2f677431403df8d5c6bd30cc35ec0e2c8179e87e2205074c6fe1b0a02c8d542ad7367ca8505610d80388485c0259963017f8

  • SSDEEP

    3072:GwSDu9j+HBA4KDn1FfpFahuaieAOg9OcEBiF65EUaHoj4oQvAHb4FYUCo:GwSD4aH24oFfpMgOoOviAWobUFYUCo

Score
10/10
zloadermain2020-07-02botnetdiscoverypersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-02

C2

https://fopiese.com/web/data

https://dinctov.com/web/data

https://ennaser.com/web/data

https://hyatart.com/web/data

https://bladilk.com/web/data

https://giridly.com/web/data

https://pleclep.com/web/data

https://phanleb.com/web/data
Attributes
  • build_id

    21

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2.exe

    • Size

      246KB

    • MD5

      061057161259e3df7d12dccb363e56f9

    • SHA1

      1292e9b2ee9d566fe5b475835cc39dafbbb658ba

    • SHA256

      00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2

    • SHA512

      b623b5f1142c560b9f9bc3689a2b53a3acacc93d443a1c2590433d6dc2975e2959243f1b5744720983fbbaa166f25b563b988025f7c4e3e6bf9ff6b720ba11c9

    • SSDEEP

      6144:K/WlwYMhq0n6qsXUl8KdsbiLeb5Jx5cf:KfVJzsXUl81biCbnc

    Score
    10/10
    zloadermain2020-07-02botnetdiscoverytrojanpersistence

    • Zloader family

      zloader

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks