Zloader Reversing
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 5ab85ee7-0a81-41d0-a442-09f82a497953 |
| Fingerprint | b6291211283f527d |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Oct. 18, 2021, 6:44 p.m. |
| Added to db | Sept. 11, 2022, 12:41 p.m. |
| Last updated | Nov. 17, 2024, 7:44 p.m. |
| Headline | Zloader Reversing |
| Title | Zloader Reversing |
| Detected Hints/Tags/Attributes | 72/2/92 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://aaqeel01.wordpress.com/2021/10/18/zloader-reversing/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 911 | any.run |
|
| Details | Domain | 75 | tria.ge |
|
| Details | Domain | 1 | gipc.in |
|
| Details | Domain | 1 | fbhindia.com |
|
| Details | Domain | 1 | ecolenefiber.com |
|
| Details | Domain | 1 | design.ecolenefiber.com |
|
| Details | Domain | 1 | beta.marlics.ir |
|
| Details | Domain | 1 | hari.pk |
|
| Details | Domain | 1 | iaiskjmalang.ac.id |
|
| Details | Domain | 1 | 314xd.com |
|
| Details | Domain | 1 | ejournal.iaiskjmalang.ac.id |
|
| Details | Domain | 1 | duanvn.com |
|
| Details | Domain | 4127 | github.com |
|
| Details | Domain | 1 | www.honeynet.it |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 1 | hashdb.openanalysis.net |
|
| Details | Domain | 66 | www.malwarebytes.com |
|
| Details | Domain | 1 | bin.re |
|
| Details | File | 1 | tn4598151.xlsm |
|
| Details | File | 23 | test.dll |
|
| Details | File | 8 | logs.php |
|
| Details | File | 1 | suqyatda.dll |
|
| Details | File | 1 | ewviv.dll |
|
| Details | File | 1 | ehev.dll |
|
| Details | File | 1 | cyvi.dll |
|
| Details | File | 269 | msiexec.exe |
|
| Details | File | 1 | unpacked_zloader_21_10_4.dll |
|
| Details | File | 59 | post.php |
|
| Details | File | 748 | kernel32.dll |
|
| Details | File | 146 | wininet.dll |
|
| Details | File | 15 | imagehlp.dll |
|
| Details | File | 52 | bcrypt.dll |
|
| Details | File | 4 | ftllib.dll |
|
| Details | File | 14 | samlib.dll |
|
| Details | File | 533 | ntdll.dll |
|
| Details | File | 229 | advapi32.dll |
|
| Details | File | 130 | ws2_32.dll |
|
| Details | File | 69 | shlwapi.dll |
|
| Details | File | 83 | crypt32.dll |
|
| Details | File | 50 | urlmon.dll |
|
| Details | File | 41 | wtsapi32.dll |
|
| Details | File | 53 | iphlpapi.dll |
|
| Details | File | 89 | version.dll |
|
| Details | File | 41 | rpcrt4.dll |
|
| Details | File | 12 | wldap32.dll |
|
| Details | File | 86 | ole32.dll |
|
| Details | File | 11 | winsta.dll |
|
| Details | File | 291 | user32.dll |
|
| Details | File | 76 | gdi32.dll |
|
| Details | File | 33 | gdiplus.dll |
|
| Details | File | 459 | regsvr32.exe |
|
| Details | File | 37 | dnsapi.dll |
|
| Details | File | 39 | secur32.dll |
|
| Details | File | 185 | shell32.dll |
|
| Details | File | 59 | netapi32.dll |
|
| Details | File | 45 | mpr.dll |
|
| Details | File | 8 | winscard.dll |
|
| Details | File | 16 | cabinet.dll |
|
| Details | File | 37 | userenv.dll |
|
| Details | File | 5 | ncrypt.dll |
|
| Details | File | 1 | revenge.pdf |
|
| Details | File | 2 | the-silent-night-zloader-zbot_final.pdf |
|
| Details | File | 1 | dynamicconfig.cpp |
|
| Details | Github username | 2 | visgean |
|
| Details | sha1 | 1 | 701a3020395655220d6a1b1b270946231f572956 |
|
| Details | sha1 | 1 | c55a9fa8c8564ec196604a59111708fa8415f020 |
|
| Details | sha256 | 1 | 500856ee3fc13326cad564894a0423e0583154ef10531de4ab6e6d5df90d4e31 |
|
| Details | sha256 | 1 | c4ab81d7b7d44dd6dfc4f2b69dbe3f22fbf23c1ae49ab8edac2d26f85ae4514d |
|
| Details | sha256 | 1 | 3a4ca58b0a2e72a264466a240c6636f62b8742ffbc96ce14e2225f0e57012e96 |
|
| Details | Url | 1 | http://gipc.in/post.php |
|
| Details | Url | 1 | http://fbhindia.com/post.php |
|
| Details | Url | 1 | http://ecolenefiber.com/post.php |
|
| Details | Url | 1 | http://design.ecolenefiber.com/post.php |
|
| Details | Url | 1 | http://beta.marlics.ir/post.php |
|
| Details | Url | 1 | http://hari.pk/post.php |
|
| Details | Url | 1 | http://iaiskjmalang.ac.id/post.php |
|
| Details | Url | 1 | http://314xd.com/post.php |
|
| Details | Url | 1 | http://ejournal.iaiskjmalang.ac.id/post.php |
|
| Details | Url | 1 | http://duanvn.com/post.php |
|
| Details | Url | 1 | https://github.com/visgean/zeus |
|
| Details | Url | 1 | https://www.honeynet.it/wp-content/uploads/papers/04-titans |
|
| Details | Url | 1 | https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms |
|
| Details | Url | 1 | https://elis531989.medium.com/the-squirrel-strikes-back-analysis-of-the-newly-emerged-cobalt-strike-loader-squirrelwaffle-937b73dbd9f9 |
|
| Details | Url | 1 | https://twitter.com/aaqeel87/status/1443255927000424449?s=20 |
|
| Details | Url | 1 | https://hashdb.openanalysis.net/#section |
|
| Details | Url | 1 | https://www.malwarebytes.com/resources/files/2020/06/the-silent-night-zloader-zbot_final.pdf |
|
| Details | Url | 1 | https://bin.re/blog/the-dga-of-zloader |
|
| Details | Url | 1 | https://github.com/visgean/zeus/blob/c55a9fa8c8564ec196604a59111708fa8415f020/source/client/dynamicconfig.cpp |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Mircosoft\bbxk\uuwk |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Mircosoft\bbxk\ziox |
|
| Details | Windows Registry Key | 1 | HKEY_CURRENT_USER\Software\Microsoft\bbxk |
|
| Details | Windows Registry Key | 1 | HKCU\Software\Mircosoft\bbxk |