Resubmissions

10-08-2023 17:07

230810-vmzqxsfe66 10

10-08-2023 16:28

230810-tym1tsfa36 10

01-02-2022 09:54

220201-lxap4sceap 10

General

  • Target

    890eacb1a49d606586eb585ee0738f55ac76fb3a175016ad627532425ee19dc8

  • Size

    251KB

  • Sample

    220201-lxap4sceap

  • MD5

    4c35bc0bb978ae5273a27c7882483eb4

  • SHA1

    e5fb5c5c523e872db6ffd03428f5c0dc74cc9192

  • SHA256

    890eacb1a49d606586eb585ee0738f55ac76fb3a175016ad627532425ee19dc8

  • SHA512

    03154958d83f22969e2967425c35c30bd3a402073819cbea4583f147fecae8ca28281f6c4af5c4c883c3d71e2d272dba066f7b524bf185e512f1092e2db520ee

Malware Config

Extracted

Family

zloader

Botnet

spam

Campaign

BZMAN

C2

https://stoutorder.xyz/rest.php

Attributes
  • build_id

    3

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      890eacb1a49d606586eb585ee0738f55ac76fb3a175016ad627532425ee19dc8

    • Size

      251KB

    • MD5

      4c35bc0bb978ae5273a27c7882483eb4

    • SHA1

      e5fb5c5c523e872db6ffd03428f5c0dc74cc9192

    • SHA256

      890eacb1a49d606586eb585ee0738f55ac76fb3a175016ad627532425ee19dc8

    • SHA512

      03154958d83f22969e2967425c35c30bd3a402073819cbea4583f147fecae8ca28281f6c4af5c4c883c3d71e2d272dba066f7b524bf185e512f1092e2db520ee

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks