General

  • Target

    AvjaxFt7.html

  • Size

    511KB

  • Sample

    210312-ems6lhe182

  • MD5

    c6b02277b3dd7e0fd1133cf9290cdef6

  • SHA1

    754cc1546ceafe9f62db188e214d5696aed609d5

  • SHA256

    d20f5e6ff3b8af7d2adb395d2fc57b5c35343fc7b17865ccbbc66b66711a3b4c

  • SHA512

    e5702c48ce1dcdde8c059502f4c316ec31dd02ff0995ce33ebadbca913d31d0e213089c162e8cdbe356f7ca806e00ffe5f00f4ccc7ed97b6a09966fad392a701

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

12/03

C2

https://dazzlingnight.com/post.php

https://rylaconfxilo.tk/post.php

https://seaofsilver.com/post.php

https://kenthehafana.tk/post.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      AvjaxFt7.html

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
