General
Target: bd91abd60357f47d4a163df3fc27b795.exe
Size: 291KB
Sample: 201102-kdx16rhl5a
MD5: bd91abd60357f47d4a163df3fc27b795
SHA1: 7e572733b2ef7266dfdb237c32d73919df6ae298
SHA256: a50844184119e66e5d3a663be6d2d57d72a6748b6ce2d11974c688c8bc40d710
SHA512: 4ad41d25cd85d16e5bc932ee68dcb79ed4845e679e7b14f23a32f7a57fc5aa783e0cd2eb7f5b58e7c8918e81f316bcffb7c658efc1d25223576b5383df39e604
Static task: static1
Malware Config
Extracted
Family: zloader
Botnet: r1
Campaign: r1
C2:
- https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
- https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
- https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
- https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
- https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
rc4.plain:
rsa_pubkey.plain:
Targets
Target: bd91abd60357f47d4a163df3fc27b795.exe
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blacklisted process makes network request
- Suspicious use of SetThreadContext