General

  • Target

    201106-9sxjh7tvxj_pw_infected.zip

  • Size

    162KB

  • Sample

    201117-rxhd4qxj2e

  • MD5

    be3fb61218c3f159acc5d2715662eef7

  • SHA1

    c34ed3d26f606e0b59c5c6712a17638185f7db07

  • SHA256

    b99f3781093d168fe884a5e9578589628d9df871f08aedc6cacddfb223339cb2

  • SHA512

    94198ae99c40d9272ef30865f58fff78c919fd593625666c1c118e38cea73e91777148ea3167761565f9ab31693e3dc87893b5616ac39e7a84b38e616bee22a4

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija1

C2

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

https://dksaoidiakjd.su/gate.php

https://iweuiqjdakjd.su/gate.php

https://yuidskadjna.su/gate.php

https://olksmadnbdj.su/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab

    • Size

      524KB

    • MD5

      4aa199c19c28cd1d176b7f6ff59bd713

    • SHA1

      ec321c45f365ad178bbbef4f873578ffc52b6114

    • SHA256

      4a30275f14f80c6e11d5a253d7d004eda98651010e0aa47f744cf4105d1676ab

    • SHA512

      b764a3378677a4d7ceba3d57442b98028581c0c2841bdac287c5caced0f350638a2c1c0a6136873d29627420b208789873c0d5a5ad4d28e3f1e3758e3a12a6f5

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

MITRE ATT&CK Matrix

Tasks