General

  • Target

    zxeed.dll

  • Size

    586KB

  • Sample

    210210-ja7bmkyt3j

  • MD5

    c0a63eb0dc02d6bbab35b94555721ad3

  • SHA1

    ab29a3706e4019bd21c7a487a2e4f2d292cc869b

  • SHA256

    ccb110232bfb55812730ce5fa2b1f1a6e56fba5c2ed593ae9c5ce0087aaf97fc

  • SHA512

    de279b0a60aacafec1d7743625e07fcadfaf892d403c562d727b89912c154aecf9e17da6d80ba847cd44d27c436514a27a5fbaec827fd0a138646a58974fb75c

Malware Config

Extracted

Family

zloader

Botnet

kiv

Campaign

09/02

C2

https://earfetti.com/post.php

https://evalynews.com/post.php

https://sanciacinfofoothe.tk/post.php

https://enriwetmiti.tk/post.php

rc4.plain
rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
