Resubmissions

31-10-2023 09:03

231031-k1gr6aha76 10

07-07-2021 20:04

210707-p9kx8yftcx 10

General

  • Target

    favicon.dll

  • Size

    646KB

  • Sample

    210707-p9kx8yftcx

  • MD5

    1d700b208c65ca26efe5fa4be4749569

  • SHA1

    3deeff224b359ca2b28a841a116b84b783206adc

  • SHA256

    f97954d9c80dbfee223fb704863c5a156912f450eee2d0510af6301dfd919f09

  • SHA512

    8c5bcbdf35f4e3ad1177d98b0944b1ec9f407a7bd537af5ecd8e5aad37a67c4c46748bfbe165b4edb6348324e4b97d26a6e1af0007f458c3f697a6757cb05d92

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://dssdffsdf.drld/mm.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      favicon.dll


    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader (also tracked as Terdot, DELoader and ZeusSphinx)

      Zloader is a malware strain first observed in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
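The digests and the C2 URL above are the report's usable indicators. The following script is an added example, not part of the sandbox report: it validates the indicator set, compares a file's digests against the listed hashes, and matches the C2 host against proxy/DNS-style log lines (the sample log lines are constructed for the example, and the host regex that rejects look-alike domains is this example's own choice).

```python
import hashlib
import re
from urllib.parse import urlsplit

# Indicators copied from the report above: the four digests of favicon.dll
# and the C2 URL from the extracted zloader config.
IOC_HASHES = {
    "md5": "1d700b208c65ca26efe5fa4be4749569",
    "sha1": "3deeff224b359ca2b28a841a116b84b783206adc",
    "sha256": "f97954d9c80dbfee223fb704863c5a156912f450eee2d0510af6301dfd919f09",
    "sha512": "8c5bcbdf35f4e3ad1177d98b0944b1ec9f407a7bd537af5ecd8e5aad37a67c4c"
              "46748bfbe165b4edb6348324e4b97d26a6e1af0007f458c3f697a6757cb05d92",
}
IOC_C2_URL = "https://dssdffsdf.drld/mm.php"

# Expected hex lengths; a truncated or mistyped digest silently matches nothing,
# so validate the indicator set before trusting a "no hit" result.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(hashes=IOC_HASHES) -> bool:
    """True when every digest has the right length and is lowercase hex."""
    return all(
        len(h) == HEX_LEN[algo] and re.fullmatch(r"[0-9a-f]+", h) is not None
        for algo, h in hashes.items()
    )


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists so a file can be compared 1:1."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_matches(data: bytes, hashes=IOC_HASHES) -> list:
    """Names of the digests under which `data` equals the reported sample."""
    computed = file_hashes(data)
    return [algo for algo, h in hashes.items() if computed[algo] == h]


def c2_host_pattern(url: str = IOC_C2_URL) -> re.Pattern:
    """Regex for the C2 host that also matches subdomains and any scheme/port,
    but not look-alikes such as xdssdffsdf.drld or dssdffsdf.drld.example."""
    host = urlsplit(url).hostname
    return re.compile(
        r"(?<![\w-])" + re.escape(host) + r"(?![\w-]|\.[\w-])", re.IGNORECASE
    )


def find_c2_hits(log_lines, url: str = IOC_C2_URL) -> list:
    """Return (line, reason) for every log line that touches the C2 host;
    reason is 'url' when the full C2 URL appears, else 'host'."""
    host_re = c2_host_pattern(url)
    hits = []
    for line in log_lines:
        if url.lower() in line.lower():
            hits.append((line, "url"))
        elif host_re.search(line):
            hits.append((line, "host"))
    return hits


# Constructed sample log lines (not from the report) to exercise the matcher.
SAMPLE_LOGS = [
    "2023-10-31T09:03:12Z proxy src=10.0.0.7 dst=dssdffsdf.drld:443 method=CONNECT",
    "2023-10-31T09:03:13Z dns client=10.0.0.7 q=dssdffsdf.drld type=A rcode=NXDOMAIN",
    "2023-10-31T09:03:14Z proxy src=10.0.0.7 url=https://dssdffsdf.drld/mm.php status=200",
    "2023-10-31T09:04:01Z proxy src=10.0.0.9 url=https://update.example.com/mm.php status=200",
    "2023-10-31T09:05:22Z proxy src=10.0.0.9 url=https://xdssdffsdf.drld/mm.php status=200",
    "2023-10-31T09:06:02Z dns client=10.0.0.9 q=dssdffsdf.drld.example type=A rcode=NOERROR",
]

if __name__ == "__main__":
    assert validate_iocs()
    for line, reason in find_c2_hits(SAMPLE_LOGS):
        print(f"{reason:4} {line}")
```

Only the first three constructed lines are reported as hits: the CONNECT and the NXDOMAIN lookup match on host, the proxied request matches on the full URL, while the look-alike host and the longer domain are rejected. A path-only match on `/mm.php` is deliberately not treated as a hit, since that path is too generic on its own.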
