45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

General

Target: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543
Size: 485KB
Sample: 220520-3rmk6ahdd6
Score: 10/10
MD5: e4a088773d56d0f6e7d1582f100b5137
SHA1: 5cf878a09b2de0b664467b928ad03453e5c1491e
SHA256: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543
SHA512: eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d

Malware Config

Extracted

Family: zloader
Botnet: r1
Campaign: r1
C2:
  http://bsraotpeiimmrnchcqvr.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://exqnbgauiphxqdeecitw.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://fpbkvirfkfvufpbkvgty.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://hikowojacckxccgglhvy.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://kdrowkrjhrdmbxkthljt.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://nvlmtlisfmcfgimicstx.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://syohvyctqfcgakxepsou.com/LKhwojehDgwegSDG/gateJKjdsh.php
  http://wdwrhikolxfwyyhwwfut.com/LKhwojehDgwegSDG/gateJKjdsh.php
Attributes:
  build_id: 17
  rc4.plain
  rsa_pubkey.plain
Targets

Target: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543
MD5: e4a088773d56d0f6e7d1582f100b5137
Filesize: 485KB
Score: 10/10
SHA1: 5cf878a09b2de0b664467b928ad03453e5c1491e
SHA256: 45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543
SHA512: eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d


Signatures

  • Suspicious use of NtCreateUserProcessOtherParentProcess
  • Zloader, Terdot, DELoader, ZeusSphinx
    Description: Zloader is a malware strain that was initially discovered back in August 2015.
    Tags
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Columns: Collection | Command and Control | Credential Access | Defense Evasion | Discovery | Execution | Exfiltration | Impact | Initial Access | Lateral Movement | Persistence | Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10