adfde0367ba639980632da58a5444005.dll

General
Target

adfde0367ba639980632da58a5444005.dll

Size

429KB

Sample

201015-lpwpgvvlrx

Score
10 /10
MD5

adfde0367ba639980632da58a5444005

SHA1

451dd7d059eb7fd22bb7bb46e64de0a1436e6dc3

SHA256

191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2

SHA512

1726d83df12cbd9c2a07322925253053720a65d986b4acbb356240afbbed63589c163c7dacaf9a00242769d32943241af2edc6be7ea80e52ee2b041e1843508e

Malware Config

Extracted

Family zloader
Botnet divader
Campaign xls_spam_2909
C2

https://fqnesas.ru/gate.php

https://fqnvsdaas.su/gate.php

https://fqnvtmqass.ru/gate.php

https://fqnvtcpheas.su/gate.php

https://fqnvtmophfeas.ru/gate.php

https://fqnceas.su/gate.php

https://fqlocpeas.ru/gate.php

https://dksaiijn.ru/gate.php

https://dksafjasnf.su/gate.php

https://fjsafasfsa.ru/gate.php

rc4.plain
rsa_pubkey.plain
Targets
Target

adfde0367ba639980632da58a5444005.dll

MD5

adfde0367ba639980632da58a5444005

Filesize

429KB

Score
10 /10
SHA1

451dd7d059eb7fd22bb7bb46e64de0a1436e6dc3

SHA256

191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2

SHA512

1726d83df12cbd9c2a07322925253053720a65d986b4acbb356240afbbed63589c163c7dacaf9a00242769d32943241af2edc6be7ea80e52ee2b041e1843508e

Tags

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx

    Description

    Zloader is a malware strain that was initially discovered back in August 2015.

    Tags

  • Adds Run key to start application

    Tags

    TTPs

    Registry Run Keys / Startup Folder Modify Registry
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Privilege Escalation
                      Tasks

                      static1

                      behavioral1

                      10/10