General

  • Target: 2020-09-17-Zloader.zip
  • Size: 231KB
  • Sample: 201223-rz5l5gmazn
  • MD5: 3f71049fde43f2669802ab953b9d434e
  • SHA1: 775e6e1bb1d07211b8ef93f0c44b8dab689cb44f
  • SHA256: 2ba65215543995ad4cac30ba3dfe32d23cafcc3e17c6c7bf4bb3ecbe7460adb5
  • SHA512: 44c36198452df58078fcef60ec141a0df9f8f6a32744d507af07b3773cfc41fc6cd3695c8ba2b3a79ac521fb9aae0c78c95d12aadadc1ba6a95776ebbb5cdf4d

Malware Config

Extracted

  • Family: zloader
  • Botnet: SG
  • Campaign: SG
  • C2:


rc4.plain
rsa_pubkey.plain

Targets

    • Target: muadcuy.exe
    • Size: 343KB
    • MD5: d5afcf6fe67071bc51781701b7f9281a
    • SHA1: 6f1ac3e0a66b11200d323e615acbcb5f2fd8e4ba
    • SHA256: 93951379e57e4f159bb62fd7dd563d1ac2f3f23c80ba89f2da2e395b8a647dcf
    • SHA512: 3c5eac5cd73af63490a61867757c18b7fa971dc48bac3ec5e076c58f5530cb2962106c08f5375fb40038f048067f72e5b5cd2c31e6ad7379767544ec6d01949e

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks