General

  • Target

    e3c48c72d0d090ac01bff8bf6d54c08a6fedcda2e527d424d6f64a70016d2ba6

  • Size

    364KB

  • Sample

    220625-c2aq8saggp

  • MD5

    d00f0818093c5960cb3ea0de3b93f341

  • SHA1

    a7bdf8da3a30ac98a0df9fd0bd50f61a330056f1

  • SHA256

    e3c48c72d0d090ac01bff8bf6d54c08a6fedcda2e527d424d6f64a70016d2ba6

  • SHA512

    681fe9460252b315e6bc976793b0a594cfc501ad574b03525597aa0d5342201672811cf6bd86b5412d9a43df5500e43f28bdab1e5ca361e431532ecce5e5ca05

Malware Config

Extracted

Family

zloader

Botnet

apr09

Campaign

Canada

C2

http://march262020.best/post.php

http://march262020.club/post.php

http://march262020.com/post.php

http://march262020.live/post.php

http://march262020.network/post.php

http://march262020.online/post.php

http://march262020.site/post.php

http://march262020.store/post.php

http://march262020.tech/post.php

Attributes
  • build_id

    94

rc4.plain

Targets

    • Target

      e3c48c72d0d090ac01bff8bf6d54c08a6fedcda2e527d424d6f64a70016d2ba6

    • Size

      364KB

    • MD5

      d00f0818093c5960cb3ea0de3b93f341

    • SHA1

      a7bdf8da3a30ac98a0df9fd0bd50f61a330056f1

    • SHA256

      e3c48c72d0d090ac01bff8bf6d54c08a6fedcda2e527d424d6f64a70016d2ba6

    • SHA512

      681fe9460252b315e6bc976793b0a594cfc501ad574b03525597aa0d5342201672811cf6bd86b5412d9a43df5500e43f28bdab1e5ca361e431532ecce5e5ca05

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

      suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

    • suricata: ET MALWARE Zbot POST Request to C2

      suricata: ET MALWARE Zbot POST Request to C2

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks