Overview

overview

10

Static

static

8

Documents_...46.xls

windows7_x64

10

Documents_...46.xls

windows10_x64

10

Resubmissions

12-03-2021 15:02

210312-dhkaaa3tl2 10

12-03-2021 14:44

210312-hztk9z9xv6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Documents_2107120546.xls

  • Size

    273KB

  • Sample

    210312-hztk9z9xv6

  • MD5

    ab63a0153a6fe4e139ad83a6ffbab090

  • SHA1

    1995e0863944a36b315a04b3ad7d073d50e16d05

  • SHA256

    3e43ec6538c8a8e0e3eee05ddfe1f304e9d42c9647c7df186c61c5e2d3c6218d

  • SHA512

    b2bd1ed261d87760265f82304f6feb4981d994217350325bb3e8715355f8acdeb782936861b18513544f8873ee344699670415d3e74798fa18ac256dad200a78

Score
10/10
zloaderkev12/03botnetmacrotrojanxlm

Malware Config

Extracted

Language
xlm4.0
Source
URLs
xlm40.dropper

https://sssolutionsllc.org/k.php

Extracted

Family

zloader

Botnet

kev

Campaign

12/03

C2

https://dazzlingnight.com/post.php

https://rylaconfxilo.tk/post.php

https://seaofsilver.com/post.php

https://kenthehafana.tk/post.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      Documents_2107120546.xls

    • Size

      273KB

    • MD5

      ab63a0153a6fe4e139ad83a6ffbab090

    • SHA1

      1995e0863944a36b315a04b3ad7d073d50e16d05

    • SHA256

      3e43ec6538c8a8e0e3eee05ddfe1f304e9d42c9647c7df186c61c5e2d3c6218d

    • SHA512

      b2bd1ed261d87760265f82304f6feb4981d994217350325bb3e8715355f8acdeb782936861b18513544f8873ee344699670415d3e74798fa18ac256dad200a78

    Score
    10/10
    zloaderkev12/03botnettrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blocklisted process makes network request

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks