General

  • Target

    f1987289f7a42f8ef652f6f6504991dbf0cd00a92653c544f67f1f25d4361ffc.zip

  • Size

    113KB

  • Sample

    210304-s24rbk2wqs

  • MD5

    7ccbbe758da8c0e50954d21608509a60

  • SHA1

    05988b5e451f798fbd66afcebe0679a641ed727c

  • SHA256

    b9357cb1b6cc09e0af8e956277a0867571472615953b6ba258cab8d006963c2a

  • SHA512

    f65f138a3b7abf064fe2e4401f03bb3d04df86a1c9c619030dbffc91d8dcc65b7d185110ac435c163ff6173f53e6cb614f9de0521ddd91507c5aedebf05575ed

Malware Config

Extracted

Family

zloader

Botnet

09/04

C2

https://eoieowo.casa/wp-config.php

https://dcgljuzrb.pw/wp-config.php

rc4.plain

Targets

    • Target

      f1987289f7a42f8ef652f6f6504991dbf0cd00a92653c544f67f1f25d4361ffc.dll

    • Size

      187KB

    • MD5

      561d814286baee1b2e815c06e39d6e4e

    • SHA1

      12defd78c0cd18d77a5ee085684e6e3c26ed42e9

    • SHA256

      f1987289f7a42f8ef652f6f6504991dbf0cd00a92653c544f67f1f25d4361ffc

    • SHA512

      01aa8a343625339321e55b5264a1f7f5c15309eccaaf78964e4e6a37c70416c35f64e874afbbaa5e8481c6687cee7fde3382404a24d920711707b8a5359e420b

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks