Resubmissions

16-11-2020 11:26

201116-96rt48lgr2 10

16-11-2020 11:22

201116-da9ygl58js 10

General

  • Target

    0di3x.bin.zip

  • Size

    78KB

  • Sample

    201116-96rt48lgr2

  • MD5

    10ad9e03b54e22c1da056d8fab1b289d

  • SHA1

    98f3bd0b931de340ffdc52241a779f3cee9465de

  • SHA256

    84e8caaf836da889b6f7c4d7e53c682274d23fdfa84011efe29c1894b7b16bd3

  • SHA512

    c506f3a0612dfa40ca939f67131788c24e7d5b1e6b62558bc89247e1b435a21fb29dfdac88b9176dc46b84e38c2c618ad9fe4df03b280b887d676faccdb5b4d9

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/

rc4.i32
rc4.i32

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain
rsa_pubkey.plain
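The extracted configuration is only useful once it is turned into something that can be run against traffic. The script below is an added example, not part of the sandbox report: it takes the SmokeLoader and Zloader C2 URLs listed above, splits them into hostname and path indicators, and scans proxy-log lines for them. The log lines and their format (timestamp, source IP, method, URL, status) are constructed for the demonstration and are not real traffic. A bare "/" path (every SmokeLoader entry) carries no signal on its own, so only the hostname is used for those; the Zloader gate path is kept as a separate, weaker indicator that can flag the same panel served from a domain the sandbox did not see.

```python
"""Match proxy-log lines against the C2 indicators extracted in this report.

Added example: not part of the sandbox report. The URLs below are copied
from the report's "Malware Config" section; the log lines and the log
format (timestamp src_ip method url status) are constructed for the demo.
"""
from urllib.parse import urlsplit

SMOKELOADER_C2 = [
    "http://etasuklavish.today/",
    "http://mragyzmachnobesdi.today/",
    "http://kimchinikuzims.today/",
    "http://slacvostinrius.today/",
    "http://straponuliusyn.today/",
    "http://grammmdinss.today/",
    "http://viprasputinsd.chimkent.su/",
    "http://lupadypa.dagestan.su/",
    "http://stoknolimchin.exnet.su/",
    "http://musaroprovadnikov.live/",
    "http://teemforyourexprensiti.life/",
    "http://stolkgolmishutich.termez.su/",
    "http://roompampamgandish.wtf/",
]
ZLOADER_C2 = [
    "https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php",
    "https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php",
    "https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php",
    "https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php",
    "https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php",
]


def build_rules(family_urls):
    """family -> (set of hostnames, set of non-trivial URL paths).

    A bare "/" path is not an indicator on its own, so only the hostname
    is kept for such entries; longer paths (the Zloader gate) are kept as
    a weaker, host-independent indicator.
    """
    rules = {}
    for family, urls in family_urls.items():
        hosts, paths = set(), set()
        for url in urls:
            parts = urlsplit(url)
            hosts.add(parts.hostname.lower())
            if parts.path not in ("", "/"):
                paths.add(parts.path)
        rules[family] = (hosts, paths)
    return rules


def host_matches(host, ioc_host):
    """Exact hostname or a subdomain of it; a lookalike suffix does not match."""
    return host == ioc_host or host.endswith("." + ioc_host)


def match_url(url, rules):
    """Return [(family, reason)] for one URL; an empty list means clean."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    hits = []
    for family, (hosts, paths) in rules.items():
        if any(host_matches(host, h) for h in hosts):
            hits.append((family, "host"))
        elif parts.path in paths:
            hits.append((family, "path"))  # known gate path on an unlisted host
    return hits


def scan_log(log_text, rules):
    """Return [(line_number, family, reason, url)] for every matching line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 5:  # malformed line: skip it rather than abort the scan
            continue
        url = fields[3]
        for family, reason in match_url(url, rules):
            findings.append((n, family, reason, url))
    return findings


# Constructed log lines (not real traffic) in the format described above.
SAMPLE_LOG = """\
2020-11-16T11:30:01Z 10.0.0.15 POST http://etasuklavish.today/ 200
2020-11-16T11:30:02Z 10.0.0.15 GET http://www.example.com/index.html 200
2020-11-16T11:30:05Z 10.0.0.22 POST https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php 200
2020-11-16T11:30:07Z 10.0.0.22 POST https://unlisted.example/LKhwojehDgwegSDG/gateJKjdsh.php 200
2020-11-16T11:30:09Z 10.0.0.31 GET http://kimchinikuzims.today.evil.example/ 404
2020-11-16T11:30:11Z 10.0.0.31 GET http://cdn.mragyzmachnobesdi.today/x 200
"""

RULES = build_rules({"smokeloader": SMOKELOADER_C2, "zloader": ZLOADER_C2})

if __name__ == "__main__":
    for n, family, reason, url in scan_log(SAMPLE_LOG, RULES):
        print(f"line {n}: {family} ({reason}) {url}")
```

Lines 1, 3 and 6 hit on hostname (line 6 via a subdomain of a listed host), line 4 hits only on the Zloader gate path because its host is not in the extracted list, and line 5 is deliberately a lookalike suffix that must not match. Treat a path-only hit as a lead to confirm, not as a verdict: the report only attests to the hosts it lists.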

Targets

    • Target

      0di3x.bin

    • Size

      111KB

    • MD5

      bd97f762750d0e38e38d5e8f7363f66a

    • SHA1

      9ae3d7053246289ff908758f9d60d79586f7fc9f

    • SHA256

      d4b767b57f453d599559532d7351feeecd4027b89b0b117552b7a3432ed4a158

    • SHA512

      d0f00c07563aab832b181a7ab93413a93f913f813c83d63c25f4473b7fa2003b4b2a83c97bd9766f9f45a7f2de9e922139a010612f21b15407c9f2bb58a53e39

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first observed in August 2015.

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks