General

  • Target

    913c6f65e3cab1756f424fa7c2d81b75ab0726b66d5c301056740821b641adfb

  • Size

    582KB

  • Sample

    220418-ft619abbdl

  • MD5

    c822149db6e41ee020572700b82eff28

  • SHA1

    5c8b4eaac5e209c11fd8ccd6a86b5629d8a04741

  • SHA256

    913c6f65e3cab1756f424fa7c2d81b75ab0726b66d5c301056740821b641adfb

  • SHA512

    eac49b60df3ca9b34d8f5f5117a0c89eac466fd9a6209fab9cd91d34978a687fbae83c72311af2d793d211de81246dd3b515ac78d5213a7aca2064ff15a591ed

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija

C2

Attributes
  • build_id

    148

  • rc4.plain

  • rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.
