General
-
Size
210KB
-
Sample
201013-xs83jp8xjs
-
MD5
12368655038e920cb2ada7d34fac40dd
-
SHA1
fca002da98c91b019a3fab4639a4b6e4d0de43d7
-
SHA256
9f654fe304bd80d1114c515362319c59bc569a54cb445aacdf47672d56815da1
-
SHA512
caa8e284640c31ad4c7b86945a71ad46aa2eb8bb7e47358b67b5fa575cac2894ad5d8d41e26a7782d7e080d8126c2c377e7bcc8e3ff2f5785c9c60119c519d0e
Static task
static1
Malware Config
Extracted
| Family |
zloader |
| Botnet |
r1 |
| Campaign |
r1 |
| C2 |
https://freebreez.com/LKhwojehDgwegSDG/gateJKjdsh.php https://makaronz.com/LKhwojehDgwegSDG/gateJKjdsh.php https://ricklick.com/LKhwojehDgwegSDG/gateJKjdsh.php https://litlblockblack.com/LKhwojehDgwegSDG/gateJKjdsh.php https://vaktorianpackif.com/LKhwojehDgwegSDG/gateJKjdsh.php https://hbamefphmqsdgkqojgwe.com/LKhwojehDgwegSDG/gateJKjdsh.php https://hoxfqvlgoabyfspvjimc.com/LKhwojehDgwegSDG/gateJKjdsh.php https://yrsfuaegsevyffrfsgpj.com/LKhwojehDgwegSDG/gateJKjdsh.php |
| rc4.plain |
|
| rsa_pubkey.plain |
|
Targets
-
-
Target
File2.exe
-
Size
210KB
-
MD5
12368655038e920cb2ada7d34fac40dd
-
SHA1
fca002da98c91b019a3fab4639a4b6e4d0de43d7
-
SHA256
9f654fe304bd80d1114c515362319c59bc569a54cb445aacdf47672d56815da1
-
SHA512
caa8e284640c31ad4c7b86945a71ad46aa2eb8bb7e47358b67b5fa575cac2894ad5d8d41e26a7782d7e080d8126c2c377e7bcc8e3ff2f5785c9c60119c519d0e
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation