General
Target: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543
Size: 485KB
Sample: 220520-3rmk6ahdd6
MD5: e4a088773d56d0f6e7d1582f100b5137
SHA1: 5cf878a09b2de0b664467b928ad03453e5c1491e
SHA256: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543
SHA512: eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d
Static task: static1
Behavioral task: behavioral1
Sample: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543.dll
Resource: win7-20220414-en
Malware Config
Extracted
Family: zloader
Botnet: r1
Campaign: r1
C2:
http://bsraotpeiimmrnchcqvr.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://exqnbgauiphxqdeecitw.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://fpbkvirfkfvufpbkvgty.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://hikowojacckxccgglhvy.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://kdrowkrjhrdmbxkthljt.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://nvlmtlisfmcfgimicstx.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://syohvyctqfcgakxepsou.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://wdwrhikolxfwyyhwwfut.com/LKhwojehDgwegSDG/gateJKjdsh.php
Attributes:
build_id: 17
rc4.plain: (no value shown)
rsa_pubkey.plain: (no value shown)
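All eight C2 entries share one gate path under eight throwaway .com domains, which is the indicator worth keeping once the domains rotate. The script below turns the extracted config into defanged IoCs, isolates the shared path, flags hosts that look machine-generated and emits a Suricata rule for the path. It is an added example, not code from the report or from any Zloader tooling; the config values are transcribed from the page, while the DGA heuristic, the rule template and the sid range are illustrative assumptions.

```python
"""IoC extraction over the Zloader config shown above (added example)."""
import re
from urllib.parse import urlsplit

# Values transcribed from the extracted config on this page.
EXTRACTED_CONFIG = {
    "family": "zloader",
    "botnet": "r1",
    "campaign": "r1",
    "build_id": 17,
    "c2": [
        "http://bsraotpeiimmrnchcqvr.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://exqnbgauiphxqdeecitw.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://fpbkvirfkfvufpbkvgty.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://hikowojacckxccgglhvy.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://kdrowkrjhrdmbxkthljt.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://nvlmtlisfmcfgimicstx.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://syohvyctqfcgakxepsou.com/LKhwojehDgwegSDG/gateJKjdsh.php",
        "http://wdwrhikolxfwyyhwwfut.com/LKhwojehDgwegSDG/gateJKjdsh.php",
    ],
}

# Illustrative heuristic (an assumption, not Zloader's actual DGA): a long run
# of lowercase letters with no digits, hyphens or separators under .com.
DGA_LIKE = re.compile(r"^[a-z]{16,24}\.com$")


def defang(url: str) -> str:
    """Defang scheme and host only, so the path stays greppable in reports."""
    parts = urlsplit(url)
    scheme = parts.scheme.replace("http", "hxxp")
    host = parts.hostname.replace(".", "[.]")
    return f"{scheme}://{host}{parts.path}"


def c2_indicators(config: dict):
    """Return (hosts, distinct gate paths) from the C2 list."""
    hosts, paths = [], set()
    for url in config["c2"]:
        parts = urlsplit(url)
        hosts.append(parts.hostname)
        paths.add(parts.path)
    return hosts, sorted(paths)


def looks_algorithmic(host: str) -> bool:
    return bool(DGA_LIKE.match(host))


def suricata_rule(path: str, sid: int) -> str:
    """Outbound HTTP rule on the gate path; sid is a placeholder from the
    local-use range, pick your own."""
    return (
        "alert http $HOME_NET any -> $EXTERNAL_NET any ("
        'msg:"Zloader C2 gate path"; flow:established,to_server; '
        f'http.uri; content:"{path}"; classtype:trojan-activity; '
        f"sid:{sid}; rev:1;)"
    )


def build_report(config: dict) -> dict:
    hosts, paths = c2_indicators(config)
    return {
        "family": config["family"],
        "botnet": config["botnet"],
        "campaign": config["campaign"],
        "build_id": config["build_id"],
        "hosts": hosts,
        "dga_like_hosts": [h for h in hosts if looks_algorithmic(h)],
        "gate_paths": paths,
        "defanged": [defang(u) for u in config["c2"]],
        "rules": [suricata_rule(p, 9000001 + i) for i, p in enumerate(paths)],
    }


if __name__ == "__main__":
    report = build_report(EXTRACTED_CONFIG)
    for key in ("family", "botnet", "campaign", "build_id", "gate_paths"):
        print(f"{key}: {report[key]}")
    print("hosts flagged as DGA-like:", len(report["dga_like_hosts"]), "of", len(report["hosts"]))
    print("\n".join(report["defanged"]))
    print("\n".join(report["rules"]))
```

Block on the path in a proxy or IDS rather than on the domains: a new build with fresh domains but the same gate script still trips the rule, and the defanged list can be pasted into a ticket without auto-linking.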
Targets
Target: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543 (size and hashes as listed under General above)
Signatures:
- Suspicious use of NtCreateUserProcessOtherParentProcess: a new process was created through NtCreateUserProcess with a parent other than the calling process, i.e. parent PID spoofing via the PROC_THREAD_ATTRIBUTE_PARENT_PROCESS attribute.
- Suspicious use of SetThreadContext: the sample called SetThreadContext; rewriting a thread's register context is how process hollowing and thread hijacking redirect execution into injected code.
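The two signatures above come from the sandbox's API monitor; on a host you would look for the same behaviour in process-creation telemetry. The detection below is an added example, not part of the report: it assumes a collector that keeps, for each process-start event, both the PID of the process that actually issued the create call (the event header PID, which an ETW consumer of the Kernel-Process provider sees) and the ParentProcessID from the event payload, which a caller can set to any process it can open. The event records, the API-call records, the pids, image paths and the allowlist are all constructed for the example.

```python
"""Parent PID spoofing and cross-process SetThreadContext detection (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcessStart:
    """header_pid: process that issued the create call (from the event header).
    parent_pid: ParentProcessID from the payload, which the caller controls."""
    header_pid: int
    pid: int
    parent_pid: int
    image: str


@dataclass(frozen=True)
class ApiCall:
    """One API-monitor record; target_pid is the owner of the thread handle."""
    caller_pid: int
    api: str
    target_pid: int


# Constructed telemetry: a loader (pid 5200) starts msiexec.exe but names
# explorer.exe (pid 900) as parent, then rewrites a thread context inside the
# child. The other rows are ordinary creations and a same-process call.
EVENTS = [
    ProcessStart(900, 5200, 900, r"C:\Windows\System32\rundll32.exe"),
    ProcessStart(5200, 6300, 900, r"C:\Windows\System32\msiexec.exe"),
    ProcessStart(900, 6400, 900, r"C:\Windows\System32\notepad.exe"),
]
API_CALLS = [
    ApiCall(5200, "OpenThread", 6300),
    ApiCall(5200, "SetThreadContext", 6300),
    ApiCall(6400, "SetThreadContext", 6400),
]

# Creators that legitimately re-parent children, e.g. UAC elevation through the
# AppInfo service, which re-parents the elevated child to the requesting
# process. Assumed allowlist; tune it to the environment.
LEGITIMATE_REPARENTERS = {r"C:\Windows\System32\svchost.exe"}


def find_spoofed_parents(events, creator_images=None):
    """Events whose claimed parent is not the process that created them,
    skipping allowlisted creators. creator_images maps pid -> image path."""
    creator_images = creator_images or {}
    hits = []
    for e in events:
        if e.header_pid == e.parent_pid:
            continue
        if creator_images.get(e.header_pid) in LEGITIMATE_REPARENTERS:
            continue
        hits.append(e)
    return hits


def cross_process_context_writes(calls):
    """SetThreadContext on a thread of another process; same-process use is
    common in debuggers and exception handling and is not flagged."""
    return [c for c in calls
            if c.api == "SetThreadContext" and c.target_pid != c.caller_pid]


def correlate(events, calls):
    """A child created with a spoofed parent whose thread context is then
    rewritten by its real creator: both signatures on one process."""
    spoofed = {e.pid: e for e in find_spoofed_parents(events)}
    return [(spoofed[c.target_pid], c)
            for c in cross_process_context_writes(calls)
            if c.target_pid in spoofed
            and spoofed[c.target_pid].header_pid == c.caller_pid]


if __name__ == "__main__":
    for e in find_spoofed_parents(EVENTS):
        print(f"spoofed parent: pid {e.pid} ({e.image}) claims {e.parent_pid}, created by {e.header_pid}")
    for e, c in correlate(EVENTS, API_CALLS):
        print(f"injection chain: {c.caller_pid} -> {e.pid} via {c.api}")
```

Keep the allowlist narrow and keyed on the creator's image, not on the claimed parent: the claimed parent is exactly the field the attacker chose.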
MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation (no technique entries appear under them in this extract).