General

  • Target

    FJGQ.dll

  • Size

    367KB

  • Sample

    201208-1xcnasaj32

  • MD5

    4e77416c8722b6a2bb4d2c557f18c163

  • SHA1

    9c40862d15470e8b71861a7bde057db42b6c5597

  • SHA256

    62e2111f572b8d095eae0415d4164f8055133e3da43e8b0c0b9cbd9ab3af967a

  • SHA512

    e952cccfd1b7ebb946565f9a7486bddd857f0c9b38da9f665492f33053b342e376127d778a3b821c7f3d252222e6ef2ed20fbb69aac768715bf70bc66d3c7af9

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

08/12

C2

https://nature4health.id/wp-punch.php

https://maschuquisaca.tk/wp-punch.php

https://serproimsas.com/wp-punch.php

https://agrospas.co.rs/wp-punch.php

https://fnxcrypto.com/server.php

https://lywakelireal.ga/wp-smarts.php

rc4.plain
rsa_pubkey.plain
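
The C2 list above is the part of the extracted config a defender acts on. Below is an added example (not from the report or the sandbox) that turns those URLs into host and path indicators and runs them over a few proxy-log lines. The log format (timestamp, source IP, method, URL, status) and the log lines themselves are constructed for illustration; matching is done on host plus path and deliberately ignores the URL scheme. Four of the six hosts share the same gate path, so the example also extracts the distinct paths as a secondary pivot.

```python
"""Turn the extracted Zloader C2 list into host/path indicators and match
them against web-proxy log lines.  Added example; not part of the report.
The log format (space-separated: timestamp src_ip method url status) and
the log lines are constructed for illustration."""
from urllib.parse import urlparse

# C2 URLs exactly as listed in the extracted config.
C2_URLS = [
    "https://nature4health.id/wp-punch.php",
    "https://maschuquisaca.tk/wp-punch.php",
    "https://serproimsas.com/wp-punch.php",
    "https://agrospas.co.rs/wp-punch.php",
    "https://fnxcrypto.com/server.php",
    "https://lywakelireal.ga/wp-smarts.php",
]


def build_indicators(urls):
    """Return a dict host -> set of URI paths.

    Host alone catches any contact with the abused domains; host plus path
    separates the zloader gate script from other content the same
    (possibly compromised, otherwise legitimate) site may serve."""
    indicators = {}
    for u in urls:
        p = urlparse(u)
        indicators.setdefault(p.hostname.lower(), set()).add(p.path)
    return indicators


def c2_paths(urls):
    """Distinct gate paths, sorted.  A shared path such as /wp-punch.php is a
    useful pivot for finding further infrastructure beyond this sample."""
    return sorted({urlparse(u).path for u in urls})


# Constructed proxy log (not from the report): timestamp src_ip method url status
PROXY_LOG = """\
2020-12-08T10:01:12Z 10.0.5.23 GET https://www.example.com/index.html 200
2020-12-08T10:01:15Z 10.0.5.23 POST https://nature4health.id/wp-punch.php 200
2020-12-08T10:01:40Z 10.0.5.77 GET http://fnxcrypto.com/server.php 200
2020-12-08T10:02:03Z 10.0.5.23 GET https://nature4health.id/about 200
2020-12-08T10:02:30Z 10.0.5.91 POST https://agrospas.co.rs/wp-punch.php 503
"""


def match_log(log_text, indicators):
    """Return a list of (src_ip, url, level) for lines touching a C2 host.

    level is 'exact' when host and path both match the extracted config and
    'host' when only the host matches (possibly benign traffic to that site).
    The scheme is ignored on purpose: the config says https, but the same
    gate reached over http in a log is still the same indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash on them
        _ts, src, _method, url, _status = parts
        p = urlparse(url)
        host = (p.hostname or "").lower()
        if host in indicators:
            level = "exact" if p.path in indicators[host] else "host"
            hits.append((src, url, level))
    return hits


if __name__ == "__main__":
    ind = build_indicators(C2_URLS)
    print("gate paths:", ", ".join(c2_paths(C2_URLS)))
    for src, url, level in match_log(PROXY_LOG, ind):
        print(f"{level:5} {src} {url}")
```

The 'host' level is kept separate from 'exact' so that a hit on a compromised WordPress site's normal pages is triaged differently from a request to the gate script itself; in a real deployment the constructed `PROXY_LOG` would be replaced by the proxy's export and the indicator dict would be regenerated from each new config extraction.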

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a banking trojan derived from the leaked Zeus source code and first observed in August 2015; the signature name lists the aliases under which the family is tracked.

    • Blocklisted process makes network request

      A process on the sandbox's blocklist of commonly abused executables initiated network traffic during the run.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (typically suspended) thread; loaders use it to redirect execution into injected code, as in process hollowing and thread hijacking.
