Overview

overview

10

Static

static

1qj5u.exe

windows7_x64

10

1qj5u.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1qj5u.zip

  • Size

    79KB

  • Sample

    201124-8lc9zvvcgx

  • MD5

    696fb9339c2e380ea6351783726c67be

  • SHA1

    3604d9ded94ac0fbaf0ac40a69e07b36980c9715

  • SHA256

    f046de843ad1265fb180d1e6b2b8021dcbddea6b3702bbc324fe78896e0a6a4e

  • SHA512

    ba6d8874db9fad1662a1c87a41dd4f7431b7343c189c1d948eeda04e263671868cbc751d564614848842ecf754da83788daf34e280abd4c8ca62143dc61a27ea

Score
10/10
smokeloaderzloaderr1r1backdoorbotnettrojan

Malware Config

Extracted

Family

smokeloader

Version

2020

C2

http://etasuklavish.today/

http://mragyzmachnobesdi.today/

http://kimchinikuzims.today/

http://slacvostinrius.today/

http://straponuliusyn.today/

http://grammmdinss.today/

http://viprasputinsd.chimkent.su/

http://lupadypa.dagestan.su/

http://stoknolimchin.exnet.su/

http://musaroprovadnikov.live/

http://teemforyourexprensiti.life/

http://stolkgolmishutich.termez.su/

http://roompampamgandish.wtf/
rc4.i32
rc4.i32

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      1qj5u.exe

    • Size

      112KB

    • MD5

      c989356bdc4ffc9b4752acecfddb551d

    • SHA1

      fff0e011c492e174a3175c3ddb2ee0d6ed9d7285

    • SHA256

      8afc2dd7267bbf83a46549f4e7731f6473610c33bc9ee41b4dd0b994c3a29473

    • SHA512

      f51769eed207b7b0e9387c9bc13d46502f0c25086c6f1ce8d16678bbe639f06efb799959efac10aefd6d92dd08310216d2929178ebee3f2c73ecad286c89da1f

    Score
    10/10
    smokeloaderbackdoortrojanzloaderr1r1botnet

    • SmokeLoader

      Modular backdoor trojan in use since 2014.

      trojanbackdoorsmokeloader

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Executes dropped EXE

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks