General

  • Size: 500KB
  • Sample: 210316-7wv57c1c4n
  • MD5: c91aa7c80fa2e6fbf094040caeabca14
  • SHA1: aaa87f6e2b6f923df5aa4b92ebe70bb744d1f311
  • SHA256: e5af4868fc46a5a675d9e93c4e45b9fef7043fe2263ad0bd9469082c00d74139
  • SHA512: 10bef80585a6ca2cf32c3a526aeca4072d108c8c488a5b5e9744a487cdfc48a1f3ce5935e33f7ae5b0d961e2b291c0c79c882df3f1a64f54c4adb6d49b1e1ac1

Malware Config

Extracted

  • Family: zloader
  • Botnet: googleaktualizacija
  • Campaign: googleaktualizacija2

C2

rc4.plain
rsa_pubkey.plain

Targets

    • Target: 1391343.dll

    • Family: Zloader (also known as Terdot, DELoader, ZeusSphinx)

      Zloader is a malware strain first observed in August 2015.

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation