General

  • Target

    889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8

  • Size

    334KB

  • Sample

    220625-gk582aafg8

  • MD5

    68614fa2335fb83b70f21e9a52d21564

  • SHA1

    108dbe69275819d24db77fc168acf55eedf12889

  • SHA256

    889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8

  • SHA512

    6a1ead3489c7bc789b4e4e4eed665e4d1036e14191449e2604bb6ef72e6cf6345f89e494c5beeac80f15d60b9d2d08bb93298b9bd0dcdd1a9511df5a0ed9475f

Malware Config

Extracted

Family

zloader

Botnet

27/02

C2

https://soficatan.site/milagrecf.php

https://barbeyo.xyz/milagrecf.php

Attributes

  • build_id

    70

  • rc4.plain

Targets

    • Target

      889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8

    • Size

      334KB

    • MD5

      68614fa2335fb83b70f21e9a52d21564

    • SHA1

      108dbe69275819d24db77fc168acf55eedf12889

    • SHA256

      889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8

    • SHA512

      6a1ead3489c7bc789b4e4e4eed665e4d1036e14191449e2604bb6ef72e6cf6345f89e494c5beeac80f15d60b9d2d08bb93298b9bd0dcdd1a9511df5a0ed9475f

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a banking trojan built on the leaked Zeus source code; it was first observed in August 2015.

    • Adds Run key to start application (persistence through a CurrentVersion\Run value)

    • Suspicious use of SetThreadContext (the API used to redirect a thread's entry point in process hollowing and thread-hijacking injection)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1 signature

  • Defense Evasion

    Modify Registry (T1112): 1 signature
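The extracted configuration (C2 URLs, digests) and the two registry techniques above translate directly into a hunt. The Python below is an added example, not code from the sandbox report or from Zloader itself: it takes the indicators exactly as the report lists them, verifies a sample on disk against every digest given, matches the C2 hostnames against DNS/proxy lines, and flags Sysmon EventID 13 (registry value set) writes that land under a Run key. The flattened "key=value" Sysmon layout, the client IPs, SID, user and file paths are assumptions, and the log lines are constructed; the rc4.plain key is not shown on the page and is not used.

```python
"""Turn the report's extracted indicators into checks an analyst can run.

Added example; not code from the sandbox report or from Zloader itself.
All log lines below are constructed to illustrate the matching logic.
"""
import hashlib
import re
from urllib.parse import urlparse

# Digests and C2 URLs copied from the report above.
REPORT_HASHES = {
    "md5": "68614fa2335fb83b70f21e9a52d21564",
    "sha1": "108dbe69275819d24db77fc168acf55eedf12889",
    "sha256": "889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8",
    "sha512": "6a1ead3489c7bc789b4e4e4eed665e4d1036e14191449e2604bb6ef72e6cf6345f89e494c5beeac80f15d60b9d2d08bb93298b9bd0dcdd1a9511df5a0ed9475f",
}
C2_URLS = [
    "https://soficatan.site/milagrecf.php",
    "https://barbeyo.xyz/milagrecf.php",
]
C2_HOSTS = sorted({urlparse(u).hostname for u in C2_URLS})

# Registry paths behind "Adds Run key to start application" (T1060); the
# Wow6432Node and RunOnce variants are included so a 32-bit or one-shot
# persistence write is not missed.
RUN_KEY_RE = re.compile(
    r"\\Software\\(?:Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\",
    re.IGNORECASE,
)
# key=value or key="quoted value" pairs: the flattened Sysmon layout assumed here.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def verify_sample(data: bytes, expected: dict = REPORT_HASHES) -> dict:
    """Hash the bytes with every algorithm the report lists; True where they agree."""
    return {name: hashlib.new(name, data).hexdigest() == value.lower()
            for name, value in expected.items()}


def c2_hits(log_lines, hosts=C2_HOSTS):
    """(line_no, host) for DNS/proxy lines naming a C2 host or a subdomain of it.

    The look-arounds stop 'notbarbeyo.xyz' from matching while still catching
    'soficatan.site' inside a URL or a query= field.
    """
    hits = []
    for no, line in enumerate(log_lines, 1):
        for host in hosts:
            if re.search(r"(?<![\w-])" + re.escape(host) + r"(?![\w-])", line, re.IGNORECASE):
                hits.append((no, host))
    return hits


def parse_kv(line: str) -> dict:
    """Split one flattened Sysmon line into a field dict."""
    return {k: quoted or bare for k, quoted, bare in KV_RE.findall(line)}


def run_key_writes(sysmon_lines):
    """Sysmon EventID 13 (registry value set) writes that land under a Run key."""
    hits = []
    for line in sysmon_lines:
        ev = parse_kv(line)
        if ev.get("EventID") != "13" or not RUN_KEY_RE.search(ev.get("TargetObject", "")):
            continue
        details = ev.get("Details", "")
        hits.append({
            "image": ev.get("Image", ""),
            "target": ev["TargetObject"],
            "details": details,
            # Weak but useful triage flag: an autorun pointing into a user profile.
            "user_writable": bool(re.search(r"\\Users\\[^\\]+\\AppData\\", details, re.IGNORECASE)),
        })
    return hits


# Constructed sample logs (hostnames from the report; clients, times, SID and paths invented).
DNS_PROXY_LOG = [
    "2022-06-25T10:01:02Z client=10.0.0.5 query=www.microsoft.com type=A",
    "2022-06-25T10:01:09Z client=10.0.0.5 query=soficatan.site type=A",
    "2022-06-25T10:01:10Z client=10.0.0.5 query=notbarbeyo.xyz type=A",
    "2022-06-25T10:02:31Z client=10.0.0.5 POST https://barbeyo.xyz/milagrecf.php 200",
]
SYSMON_LOG = [
    r'EventID=13 Image="C:\Users\bob\AppData\Roaming\Qidug\uxcy.exe" '
    r'TargetObject="HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\Qidug" '
    r'Details="C:\Users\bob\AppData\Roaming\Qidug\uxcy.exe"',
    r'EventID=13 Image="C:\Windows\explorer.exe" '
    r'TargetObject="HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden" '
    r'Details="DWORD (0x00000001)"',
    r'EventID=12 Image="C:\Windows\regedit.exe" '
    r'TargetObject="HKU\S-1-5-21-1-1-1-1001\Software\Microsoft\Windows\CurrentVersion\Run\Test"',
]

if __name__ == "__main__":
    print("C2 hits:", c2_hits(DNS_PROXY_LOG))
    for hit in run_key_writes(SYSMON_LOG):
        print("Run key write:", hit)
    # verify_sample(open("sample.bin", "rb").read()) checks a file against the report.
```

Only the EventID 13 write under `...\CurrentVersion\Run` is reported; the value set under `Explorer\Advanced` and the EventID 12 key creation are ignored, which is the T1060 / T1112 distinction the ATT&CK rows above draw. Hash verification should be run before any analysis so that findings are tied to exactly the sample the report describes.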
