Resubmissions

15-11-2023 11:10

231115-m96hzsgb22 10

02-05-2022 23:45

220502-3rtpgaeghq 10

General

  • Target

    023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82

  • Size

    2.6MB

  • Sample

    220502-3rtpgaeghq

  • MD5

    fb95561e8ed7289d015e945ad470e6db

  • SHA1

    03573bc869701cffd7c96e223633d46b0a23823a

  • SHA256

    023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82

  • SHA512

    2a0bf4048c1a9eca9e13566b1512403b51462c8eb71cfb273225fbc221aa156a3d3eb571fa5328ff2f4e2ef7026b3e8847f0c0a739d8f989ba716efa411821a6

Malware Config

Extracted

Family

zloader

Botnet

pref

Campaign

fpref

C2

http://penaz.info/gate.php

http://
advokat-hodonin.info/gate.php

Attributes
  • build_id

    7

rc4.plain

Targets

    • Target

      023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82

    • Size

      2.6MB

    • MD5

      fb95561e8ed7289d015e945ad470e6db

    • SHA1

      03573bc869701cffd7c96e223633d46b0a23823a

    • SHA256

      023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82

    • SHA512

      2a0bf4048c1a9eca9e13566b1512403b51462c8eb71cfb273225fbc221aa156a3d3eb571fa5328ff2f4e2ef7026b3e8847f0c0a739d8f989ba716efa411821a6

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks