General

  • Target: Agree.dll

  • Size: 367KB

  • Sample: 201208-bd6v35tm6x

  • MD5: b8486dcef44c59a2652378724ef2a995

  • SHA1: 1a71166669aa8810474fcb6700851175c643bd30

  • SHA256: 35466f0c22f220890b932e59f9a21032712e8260343d13ad4c0d9560db3b638f

  • SHA512: 70da95fda92ff4e1f4157a747e50dc311cf1e3add4b4a3fd8da6c2c752b5fa7b6572f860d069630792804d0a45479e84dee86be0129994fa5ef3a83657fd003e

Malware Config

Extracted

Family: zloader

Botnet: nut

Campaign: 08/12

C2

https://nature4health.id/wp-punch.php

https://maschuquisaca.tk/wp-punch.php

https://serproimsas.com/wp-punch.php

https://agrospas.co.rs/wp-punch.php

https://fnxcrypto.com/server.php

https://lywakelireal.ga/wp-smarts.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target: Agree.dll

    • Size: 367KB

    • MD5: b8486dcef44c59a2652378724ef2a995

    • SHA1: 1a71166669aa8810474fcb6700851175c643bd30

    • SHA256: 35466f0c22f220890b932e59f9a21032712e8260343d13ad4c0d9560db3b638f

    • SHA512: 70da95fda92ff4e1f4157a747e50dc311cf1e3add4b4a3fd8da6c2c752b5fa7b6572f860d069630792804d0a45479e84dee86be0129994fa5ef3a83657fd003e

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first discovered in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks