Resubmissions

24-01-2024 07:29

240124-jbnczachd9 10

23-01-2024 11:54

240123-n2wjgsafc6 10

26-06-2020 08:43

200626-953qfplyej 10

General

  • Target

    xiynk.dll

  • Size

    356KB

  • Sample

    200626-953qfplyej

  • MD5

    e83a8a849188b48e79a6f49dd0c7ae91

  • SHA1

    55a1669550d823104e1452f0e6a0a94c3f7fae12

  • SHA256

    a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f

  • SHA512

    b035faff865f72977879322f9d1c08c6f87c96a8805db76a0e5ae4b6118f2b075e58bb1cc6a9cee8ce1c51763301443bab40970ad1f072a1763d7d7727e477f4

Malware Config

Targets

    • Target

      xiynk.dll

    • Size

      356KB

    • MD5

      e83a8a849188b48e79a6f49dd0c7ae91

    • SHA1

      55a1669550d823104e1452f0e6a0a94c3f7fae12

    • SHA256

      a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f

    • SHA512

      b035faff865f72977879322f9d1c08c6f87c96a8805db76a0e5ae4b6118f2b075e58bb1cc6a9cee8ce1c51763301443bab40970ad1f072a1763d7d7727e477f4

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blacklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Modifies service

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks