General

  • Target

    45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

  • Size

    485KB

  • Sample

    220520-3rmk6ahdd6

  • MD5

    e4a088773d56d0f6e7d1582f100b5137

  • SHA1

    5cf878a09b2de0b664467b928ad03453e5c1491e

  • SHA256

    45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

  • SHA512

    eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

http://bsraotpeiimmrnchcqvr.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://exqnbgauiphxqdeecitw.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://fpbkvirfkfvufpbkvgty.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://hikowojacckxccgglhvy.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://kdrowkrjhrdmbxkthljt.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://nvlmtlisfmcfgimicstx.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://syohvyctqfcgakxepsou.com/LKhwojehDgwegSDG/gateJKjdsh.php

http://wdwrhikolxfwyyhwwfut.com/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes
build_id
17
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

    • Size

      485KB

    • MD5

      e4a088773d56d0f6e7d1582f100b5137

    • SHA1

      5cf878a09b2de0b664467b928ad03453e5c1491e

    • SHA256

      45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

    • SHA512

      eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

          Discovery

            Execution

              Exfiltration

                Impact

                  Initial Access

                    Lateral Movement

                      Persistence

                        Privilege Escalation

                          Tasks