General

  • Target

    3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf

  • Size

    512KB

  • Sample

    211004-nwn78agcgl

  • MD5

    fa9b3dfdb4b97dfe0db5991472f89399

  • SHA1

    5677f26e926c8c8d7f7bf7eb085a9e48549a268b

  • SHA256

    3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf

  • SHA512

    e5ac96e3ef6ee9fa110b433c1c49a7f16f4ba6694ec76e10d31848ecd4f284b6845508979758a16121a63d6c4a1af2103268d6e03fbb1c6672005090d560cc74

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

20/04

C2

https://dcaiqjgnbt.icu/wp-config.php

https://nmttxggtb.press/wp-config.php

rc4.plain

Targets

    • Target

      3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf

    • Size

      512KB

    • MD5

      fa9b3dfdb4b97dfe0db5991472f89399

    • SHA1

      5677f26e926c8c8d7f7bf7eb085a9e48549a268b

    • SHA256

      3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf

    • SHA512

      e5ac96e3ef6ee9fa110b433c1c49a7f16f4ba6694ec76e10d31848ecd4f284b6845508979758a16121a63d6c4a1af2103268d6e03fbb1c6672005090d560cc74

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks