General

  • Target

    xiNGRHX.txt.dll

  • Size

    688KB

  • Sample

    210324-razqfejz3j

  • MD5

    bb4d1959e6a7850a556ebadf69d18508

  • SHA1

    c4a940aa768e97da36393a899775ff7172f66274

  • SHA256

    61be79c9e47ad894006907c544c0a2d606d8d69c95298ffc5861f20c4b87769e

  • SHA512

    57c6e278ca830b5d20ab0d6a442cfca2265abffa5f46f40c4551e22a0acafef0b0a9fe06b08848bc58dfd5e7e5327ccc4c684edb60204cbcc5a839a9bbbe0a0d

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

24/03

C2

https://electrabeautytools.com/post.php

https://elexitodelonatural.com/post.php

https://elmaaref.com/post.php

https://enrichuae.com/post.php

https://www.epsilon-me.com/post.php

https://codilmeosoterti.tk/post.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      xiNGRHX.txt.dll

    • Size

      688KB

    • MD5

      bb4d1959e6a7850a556ebadf69d18508

    • SHA1

      c4a940aa768e97da36393a899775ff7172f66274

    • SHA256

      61be79c9e47ad894006907c544c0a2d606d8d69c95298ffc5861f20c4b87769e

    • SHA512

      57c6e278ca830b5d20ab0d6a442cfca2265abffa5f46f40c4551e22a0acafef0b0a9fe06b08848bc58dfd5e7e5327ccc4c684edb60204cbcc5a839a9bbbe0a0d

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks