General

  • Target: temp.bin
  • Size: 380KB
  • Sample: 201218-6meazzw55e
  • MD5: e0af3054669d6232870b87e1e239a689
  • SHA1: f0aa6e50471e70d07a1b70207f38538cb31ed569
  • SHA256: f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
  • SHA512: 1574e2aca2415a90677053da5f625d4a9e3bb2e85362cc7acc7b6430a35eb889883da1fda694d79ee38349fee01b5843d0717d864e2d801302755188308d513f

Malware Config

Extracted

  • Family: zloader
  • Botnet: kev
  • Campaign: 11/12
  • C2

  • rc4.plain
  • rsa_pubkey.plain

Targets

    • Target: temp.bin

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
