General

  • Target: microsoft_shared.tmp
  • Size: 356KB
  • Sample: 210307-xm6ye13gk2
  • MD5: f40fa873364ee354a88fec7ae1b4a804
  • SHA1: 262b0c8053de8194137e041a2d9802f3f266ad3c
  • SHA256: b70f6b2942fcd266a4fed8283cea70f57fc07e2894d348260372aa56d9e17d1b
  • SHA512: 946f2f90a0d38ce73b38577cdde7f79f00a7ec88747e55ca41dc700a3a92cc4992a5a8141cbc2abdb280699185faa74acca00a625a10eff88e5cf984f0b92a47

Malware Config

Extracted

  • Family: zloader
  • Botnet: googleaktualizacija
  • Campaign: googleaktualizacija2
  • C2:
      https://iqowijsdakm.com/gate.php
      https://wiewjdmkfjn.com/gate.php
      https://dksaoidiakjd.com/gate.php
      https://iweuiqjdakjd.com/gate.php
      https://yuidskadjna.com/gate.php
      https://olksmadnbdj.com/gate.php
      https://odsakmdfnbs.com/gate.php
      https://odsakjmdnhsaj.com/gate.php
      https://odjdnhsaj.com/gate.php
      https://odoishsaj.com/gate.php
  • Attributes: rc4.plain, rsa_pubkey.plain

Targets

    • Target: microsoft_shared.tmp
    • Size: 356KB
    • MD5: f40fa873364ee354a88fec7ae1b4a804
    • SHA1: 262b0c8053de8194137e041a2d9802f3f266ad3c
    • SHA256: b70f6b2942fcd266a4fed8283cea70f57fc07e2894d348260372aa56d9e17d1b
    • SHA512: 946f2f90a0d38ce73b38577cdde7f79f00a7ec88747e55ca41dc700a3a92cc4992a5a8141cbc2abdb280699185faa74acca00a625a10eff88e5cf984f0b92a47
    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered in August 2015.
