EQq5Mu9U.exe

General

Target EQq5Mu9U.exe
Size 440KB
Sample 201202-6crv4myx46
Score 10/10
MD5 7784c1f0ad355b7c60213ce7a6904653
SHA1 17743db7539bd4f95ae98b335c68a6bfc8f6c74e
SHA256 47dd6855869ea0ad0cc43dddc110eb54f1b399dedfb337a8b88dead4914ec609
SHA512 50547a2b94b04bad6b4f0b6cd9437e33c983a5beca6841b5b552de9e84c1a7d7d8c3e39c5a070632f67838deddd9a2a915e1ed29124b6678f7d4ca876f089368

Malware Config

Extracted

Family zloader
Botnet nut
Campaign 02/12
C2
https://www.alhasanatbooks.com/reader.php
https://aflim.org.ng/wp-punch.php
https://sardarmohammad.com/reports.php
https://erikarabelo.com.br/server.php
https://thechapelofthehealingcross.org/java.php
https://grebcanualcwilfprofal.ml/wp-smarts.php
rc4.plain
rsa_pubkey.plain
Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx
    Description: Zloader is a malware strain that was initially discovered back in August 2015.

  • Blacklisted process makes network request

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns (no techniques mapped in this report): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1 10/10
behavioral2 10/10