Resubmissions

23-01-2024 11:22

240123-ngnyxaaea7 10

29-06-2020 15:36

200629-evyae4waax 10

General

  • Target

    june29.dll

  • Size

    573KB

  • Sample

    200629-evyae4waax

  • MD5

    33a58437b5bc8f91e08960d2faa5f559

  • SHA1

    f015e16c3847edd004aba53f358fe43b28c4f818

  • SHA256

    dd84bd6db3500e786976d5c10fd2388a46dd5c34f79abd5dff624b9a568637aa

  • SHA512

    0fa6349def8590aafc8badf198d1abc7e9f906eec5852088270e2ba11986a918ad6b620c2a545def82c694f340e05ed3a3ad89deb780cc7a23ead1b3f1930f42

Malware Config

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blacklisted process makes network request

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • js

    • Modifies service

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks