General

  • Target

    Eye.dll

  • Size

    344KB

  • Sample

    201123-fq8x8wgdkx

  • MD5

    0358fcd58c56d6cedec03b80c64ff988

  • SHA1

    34816e94bf4cc91c3c8bd6a8c087f6592ab28e96

  • SHA256

    10ec4e9f67028d2bf9f5e42cb2918663436e21760a5f1e08950b19ac2745e48c

  • SHA512

    677e4d1c61cfb19ca47c11d3fbfbc68f546ee5095e89075b76ba9c4b7b42ebe4f920ce0ff6b4174ce33fc87f97c398a757203c406413423751b8caa1d9d2248a

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

23/11

C2

https://orangeboxasia.com/wp-smarts.php

https://m3izoglass.ro/wp-smarts.php

https://bayza.ro/up_img_01.php

https://cofetariarodna.ro/errors.php

https://casapintea.ro/logs.php

https://roractaseja.ml/wp-smarts.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      Eye.dll

    • Size

      344KB

    • MD5

      0358fcd58c56d6cedec03b80c64ff988

    • SHA1

      34816e94bf4cc91c3c8bd6a8c087f6592ab28e96

    • SHA256

      10ec4e9f67028d2bf9f5e42cb2918663436e21760a5f1e08950b19ac2745e48c

    • SHA512

      677e4d1c61cfb19ca47c11d3fbfbc68f546ee5095e89075b76ba9c4b7b42ebe4f920ce0ff6b4174ce33fc87f97c398a757203c406413423751b8caa1d9d2248a

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks