General

  • Target

    McAfee_Installer_serial_EAJ2du6QN92S5ciEQRGJ3g2_key_affid_1249_akey.exe

  • Size

    79.7MB

  • Sample

    220903-f4xwbsced8

  • MD5

    d71b768695e1528a79fe09208fbc3fa9

  • SHA1

    d2b0135f0ee93421c7a72c565aef39f21b21951a

  • SHA256

    af1934aaf8568f4dcef87bfd782cbc17ad1fe1757cebaf84cd5ef510ab8a4590

  • SHA512

    172db981be0f9f1cec2c1a20d7f3a98225dad4f1a5a140f558a1e947a644962f09b857c8be4e15e2586aacbc58cfeae46a7367be6f38b8935014cd16fb52c5d6

  • SSDEEP

    1572864:DFKLm9nBR1XAjxHfccd7kNqKf6uRK7/QlMWIrnNBypju1JFo:DFAm93toHfcQ7kLCuR/udrNQpMJFo

Malware Config

Targets

    • Target

      McAfee_Installer_serial_EAJ2du6QN92S5ciEQRGJ3g2_key_affid_1249_akey.exe

    • Size

      79.7MB

    • MD5

      d71b768695e1528a79fe09208fbc3fa9

    • SHA1

      d2b0135f0ee93421c7a72c565aef39f21b21951a

    • SHA256

      af1934aaf8568f4dcef87bfd782cbc17ad1fe1757cebaf84cd5ef510ab8a4590

    • SHA512

      172db981be0f9f1cec2c1a20d7f3a98225dad4f1a5a140f558a1e947a644962f09b857c8be4e15e2586aacbc58cfeae46a7367be6f38b8935014cd16fb52c5d6

    • SSDEEP

      1572864:DFKLm9nBR1XAjxHfccd7kNqKf6uRK7/QlMWIrnNBypju1JFo:DFAm93toHfcQ7kLCuR/udrNQpMJFo

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Registers COM server for autorun

    • Sets file execution options in registry

    • Sets service image path in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

MITRE ATT&CK Enterprise v6

Tasks