Overview

overview

10

Static

static

Kiki

windows7_x64

10

Resubmissions

15-10-2020 13:31

201015-fye6cmvw2x 10

15-10-2020 10:36

201015-lpwpgvvlrx 10

07-10-2020 13:09

201007-gb8s3rc2dn 1

07-10-2020 04:33

201007-bq47zyvhf2 1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adfde0367ba639980632da58a5444005.dll

  • Size

    429KB

  • Sample

    201015-lpwpgvvlrx

  • MD5

    adfde0367ba639980632da58a5444005

  • SHA1

    451dd7d059eb7fd22bb7bb46e64de0a1436e6dc3

  • SHA256

    191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2

  • SHA512

    1726d83df12cbd9c2a07322925253053720a65d986b4acbb356240afbbed63589c163c7dacaf9a00242769d32943241af2edc6be7ea80e52ee2b041e1843508e

Score
10/10
zloaderdivaderxls_spam_2909botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

divader

Campaign

xls_spam_2909

C2

https://fqnesas.ru/gate.php

https://fqnvsdaas.su/gate.php

https://fqnvtmqass.ru/gate.php

https://fqnvtcpheas.su/gate.php

https://fqnvtmophfeas.ru/gate.php

https://fqnceas.su/gate.php

https://fqlocpeas.ru/gate.php

https://dksaiijn.ru/gate.php

https://dksafjasnf.su/gate.php

https://fjsafasfsa.ru/gate.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      adfde0367ba639980632da58a5444005.dll

    • Size

      429KB

    • MD5

      adfde0367ba639980632da58a5444005

    • SHA1

      451dd7d059eb7fd22bb7bb46e64de0a1436e6dc3

    • SHA256

      191bbf8eafbe5dfcf56bb139f36d44724bdb9fd1e708cd29dfd2d7b2b916f9f2

    • SHA512

      1726d83df12cbd9c2a07322925253053720a65d986b4acbb356240afbbed63589c163c7dacaf9a00242769d32943241af2edc6be7ea80e52ee2b041e1843508e

    Score
    10/10
    trojanbotnetzloaderpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks