General

  • Target: 9afda0de1b54bc55060751b6da6b6f047603214f9de8bf05f79a91c8d00ed4c9.zip

  • Size: 147KB

  • Sample: 210621-x1q272zwq6

  • MD5: 8cbfaeafbd0121cc008cfd5ee2e30340

  • SHA1: baf55b89967cec02d83064789750459b1faedcfb

  • SHA256: b6ea5cb040f1fa59d182ec85719e161046e165d67af604e646b8a5b0e233759b

  • SHA512: 5e2a6e8e69f63a109b4fcb05fa8500a39ccdddd483bb8885589d23aa5c5be0b246cc6194247ecaf409319ea71891c5d8e8c8cea134636a799643676e74d76bf0

Malware Config

Extracted

Family: zloader

Botnet: personal

Campaign: personal

C2


rc4.plain
rsa_pubkey.plain

Targets

    • Target: 9afda0de1b54bc55060751b6da6b6f047603214f9de8bf05f79a91c8d00ed4c9.dll

    • Size: 335KB

    • MD5: 64fcff8a2ff203b88fc722dbd8b5cc97

    • SHA1: e15c8b910562fea492d5302d2a951acdc239018b

    • SHA256: 9afda0de1b54bc55060751b6da6b6f047603214f9de8bf05f79a91c8d00ed4c9

    • SHA512: a6c9e2293c8720089d5f5995d75deb738b35ffe0bd9d884ab8084b25f60cdd35ffdca6d7657e642674ac2768237cc6aa9a1766b633efca9cf715a16b6c370b5c

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first discovered in August 2015.

MITRE ATT&CK Matrix

Tasks