General

  • Target

    us.dll

  • Size

    507KB

  • Sample

    211207-erctysfhck

  • MD5

    e37ed649a3777bff725e4a0074a9c8e3

  • SHA1

    7a57118ee3122c9bdb45cf7a9b2efd72fe258771

  • SHA256

    dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844

  • SHA512

    62ac3aad9932a3159c02ef66b7da48c7f4d596e936dc67afe8902554cfc3fbab71c21419b95c67617222f06747f96a9906d280a4049c82a2f9bbab769739c569

Malware Config

Extracted

Family

zloader

Botnet

9092us

Campaign

9092us

C2

https://asdfghdsajkl.com/gate.php

https://lkjhgfgsdshja.com/gate.php

https://kjdhsasghjds.com/gate.php

https://kdjwhqejqwij.com/gate.php

https://iasudjghnasd.com/gate.php

https://daksjuggdhwa.com/gate.php

https://dkisuaggdjhna.com/gate.php

https://eiqwuggejqw.com/gate.php

https://dquggwjhdmq.com/gate.php

https://djshggadasj.com/gate.php

Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Extracted

Family

zloader

Botnet

personal

Campaign

personal

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      us.dll

    • Size

      507KB

    • MD5

      e37ed649a3777bff725e4a0074a9c8e3

    • SHA1

      7a57118ee3122c9bdb45cf7a9b2efd72fe258771

    • SHA256

      dbc9134eea10cc88289908e112cde9a69334c779a3a659da17d3656f48a7f844

    • SHA512

      62ac3aad9932a3159c02ef66b7da48c7f4d596e936dc67afe8902554cfc3fbab71c21419b95c67617222f06747f96a9906d280a4049c82a2f9bbab769739c569

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

MITRE ATT&CK Enterprise v6

Tasks