rVuj5bF.bin

General
Target: rVuj5bF.bin
Size: 403KB
Sample: 210305-jqn2paptcs
Score: 10/10
MD5: 4e9d3907d80cfe903df735b855d5eaeb
SHA1: 3fcc74d0b646e8324f0a4cf4708890a8261f3e84
SHA256: 280fedf6fd7e0964222ac9b21bcc289c222c7ea91d7bad6350741bdf8c1f0938
SHA512: 672b8b0dd776ff156504e55c171fe035e5aac7b1b48ae785973113648717317eb611acbcc6141c5ab6c0096c4f41c24c335d957afbca1fddcf15dfde9750361f

Malware Config (Extracted)
Family: zloader
Botnet: minik
Campaign: 18/06
C2:
  https://neomithirdseman.tk/wp-parsing.php
  https://fernmasucsavidi.cf/wp-parsing.php
  https://wireborg.com/wp-parsing.php
  https://secretele-naturii.xyz/wp-parsing.php
  https://legendcoder.com/wp-parsing.php
Other extracted fields (values not shown on the page): rc4.plain, rsa_pubkey.plain
Signatures
  • Zloader, Terdot, DELoader, ZeusSphinx
    Description: Zloader is a malware strain that was initially discovered back in August 2015.
  • Blocklisted process makes network request
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Tactic columns (no technique entries appear on the page): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks
  static1
  behavioral1: 10/10
  behavioral2: 10/10