General

  • Target

    90c0857b9095a1a1f51d94fdbf915e33aee78d510ef0e8674d233fc1223149d7

  • Size

    809KB

  • Sample

    220201-lte6escder

  • MD5

    eeb55d19351258f514e47c03bc30be67

  • SHA1

    64c076da46b169c13d1e933f5f420856fe2072dc

  • SHA256

    90c0857b9095a1a1f51d94fdbf915e33aee78d510ef0e8674d233fc1223149d7

  • SHA512

    6816c30f0338b14fff22ecc064a3e795136cf93c0afeace84a81fa68ff30996a60ff7fa670ad80ab8270b282e00e9c8eef8e4628feccacb62a0954d44321b996

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-06-07

C2

https://matarlod.org/web/data

https://datearoc.org/web/data

https://rechnecy.org/web/data

https://ramissal.org/web/data

https://raidesci.org/web/data

https://glartrot.org/web/data

https://revenapo.org/web/data

https://brenonip.org/web/data
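The eight C2 URLs above all share the gate path /web/data on a throwaway .org domain, which makes them easy to hunt for in proxy telemetry. The following is an added example for this report, not tooling from the sandbox: it takes the extracted C2 list, classifies proxied requests as a full beacon (host and path match), a host-only contact (different path, or a CONNECT tunnel where the proxy never sees the path), and emits one Suricata TLS SNI rule per host. The log lines are constructed, and the log format (timestamp, source IP, method, URL, status) and the sid base are assumptions.

```python
"""Hunt for the C2 infrastructure extracted from this Zloader sample in proxy logs.

Added example, not the sandbox's own code. The URLs are the ones extracted
from the sample; the log excerpt and its format are constructed for the demo.
"""
import re
from urllib.parse import urlparse

# C2 URLs as extracted from the sample's configuration (report above).
ZLOADER_C2 = [
    "https://matarlod.org/web/data",
    "https://datearoc.org/web/data",
    "https://rechnecy.org/web/data",
    "https://ramissal.org/web/data",
    "https://raidesci.org/web/data",
    "https://glartrot.org/web/data",
    "https://revenapo.org/web/data",
    "https://brenonip.org/web/data",
]
C2_HOSTS = {urlparse(u).hostname for u in ZLOADER_C2}
C2_PATH = "/web/data"  # every extracted URL shares this gate path

# Constructed proxy log excerpt (not real traffic). Assumed format:
# <timestamp> <src_ip> <method> <url> <status>
SAMPLE_LOG = """\
2020-06-08T10:01:12Z 10.0.0.15 GET https://www.example.com/index.html 200
2020-06-08T10:02:40Z 10.0.0.15 POST https://matarlod.org/web/data 200
2020-06-08T10:02:41Z 10.0.0.22 GET https://cdn.example.net/lib.js 304
2020-06-08T10:05:03Z 10.0.0.15 POST https://RAMISSAL.org/web/data 200
2020-06-08T10:06:15Z 10.0.0.31 POST https://revenapo.org/web/other 200
2020-06-08T10:07:00Z 10.0.0.15 CONNECT glartrot.org:443 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d+)$"
)


def request_host_path(method, url):
    """Split a proxied request into (host, path); CONNECT exposes no path."""
    if method.upper() == "CONNECT":
        return url.rsplit(":", 1)[0].lower(), None
    parsed = urlparse(url)
    return parsed.hostname, parsed.path  # .hostname is already lowercased


def classify(method, url):
    """'c2-beacon' (host+path match), 'c2-host' (host only) or None."""
    host, path = request_host_path(method, url)
    if host not in C2_HOSTS:
        return None
    return "c2-beacon" if path == C2_PATH else "c2-host"


def hunt(log_text):
    """Return (src_ip, host, verdict) for every request that touches a C2 host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line: skip it rather than abort the hunt
        verdict = classify(m["method"], m["url"])
        if verdict:
            host, _ = request_host_path(m["method"], m["url"])
            hits.append((m["src"], host, verdict))
    return hits


def infected_hosts(hits):
    """Source IPs that contacted any C2 host, for follow-up triage."""
    return {src for src, _, _ in hits}


def suricata_rules(sid_base=9000000):
    """One TLS SNI rule per C2 host. sid_base is a placeholder; pick your own range.
    The content match is anchored to the end of the SNI, so subdomains still hit."""
    return [
        f'alert tls $HOME_NET any -> $EXTERNAL_NET any '
        f'(msg:"Zloader C2 TLS SNI {host}"; tls.sni; content:"{host}"; '
        f'nocase; isdataat:!1,relative; sid:{sid_base + n}; rev:1;)'
        for n, host in enumerate(sorted(C2_HOSTS))
    ]


if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit)
    print("infected:", sorted(infected_hosts(hunt(SAMPLE_LOG))))
    print("\n".join(suricata_rules()))
```

The host-only verdict matters in practice: Zloader talks to these gates over TLS, so a proxy that only logs CONNECT never sees /web/data, and a beacon-only rule would miss it.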

Attributes
  • build_id

    4

rc4.plain
rsa_pubkey.plain
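The extractor reports an RC4 key (rc4.plain) and an RSA public key (rsa_pubkey.plain) for this sample, but their values are not reproduced on this page. As an added example, not the sandbox's extractor or Zloader's own code, the block below shows the kind of plain RC4 routine a config extractor applies with such a key, and a decrypt step that rejects output produced under the wrong key instead of parsing noise. KEY and the blob layout (NUL-separated botnet, build_id and C2 URL fields) are hypothetical fixtures; the field values come from the config above.

```python
"""RC4 config decryption of the kind behind the rc4.plain entry above.

Added example, not the sandbox's extractor. KEY and the NUL-separated
config layout are hypothetical; only the field values match the report.
"""


def rc4(key, data):
    """Plain RC4: key scheduling (KSA), then keystream XOR (PRGA).
    Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


KEY = b"example-rc4-key"  # hypothetical; the sample's rc4.plain value is not shown


def build_blob(botnet, build_id, c2s):
    """Construct a test blob: NUL-terminated fields, encrypted under KEY.
    This layout is a fixture for the demo, not Zloader's real format."""
    fields = [botnet.encode(), str(build_id).encode()] + [u.encode() for u in c2s]
    return rc4(KEY, b"\x00".join(fields) + b"\x00")


def looks_like_text(data):
    """Printable ASCII plus NUL separators; RC4 under a wrong key fails this."""
    return all(b == 0 or 0x20 <= b < 0x7F for b in data)


def decrypt_config(key, blob):
    """Decrypt and parse; return None when the result is not a config."""
    plain = rc4(key, blob)
    if not plain.endswith(b"\x00") or not looks_like_text(plain):
        return None  # wrong key or not a config blob: do not parse noise
    fields = plain[:-1].split(b"\x00")
    if len(fields) < 3 or not fields[1].isdigit():
        return None
    return {
        "botnet": fields[0].decode(),
        "build_id": int(fields[1]),
        "c2": [f.decode() for f in fields[2:]],
    }


if __name__ == "__main__":
    blob = build_blob("main", 4, ["https://matarlod.org/web/data",
                                  "https://datearoc.org/web/data"])
    print(decrypt_config(KEY, blob))
    print(decrypt_config(b"wrong-key", blob))
```

The plausibility check is the part worth keeping when adapting this to a real extractor: a candidate key pulled from the binary is only confirmed when the decrypted bytes parse as the expected structure, never merely because the routine ran without error.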

Targets

    • Target

      90c0857b9095a1a1f51d94fdbf915e33aee78d510ef0e8674d233fc1223149d7

    • Size

      809KB

    • MD5

      eeb55d19351258f514e47c03bc30be67

    • SHA1

      64c076da46b169c13d1e933f5f420856fe2072dc

    • SHA256

      90c0857b9095a1a1f51d94fdbf915e33aee78d510ef0e8674d233fc1223149d7

    • SHA512

      6816c30f0338b14fff22ecc064a3e795136cf93c0afeace84a81fa68ff30996a60ff7fa670ad80ab8270b282e00e9c8eef8e4628feccacb62a0954d44321b996

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a banking trojan built on the leaked Zeus source code and first observed in August 2015. This family signature is backed by the extracted configuration above (family, botnet, campaign date and C2 gate URLs), not by a generic heuristic.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext, an API that rewrites another thread's register state. Redirecting a suspended thread's instruction pointer this way is a standard step of process hollowing and thread hijacking, where injected code is executed under a legitimate process. Debuggers use the same call, so treat this as a heuristic that points at injection rather than as proof of it.
