General

  • Target

    Skype-8.88.0.401.exe

  • Size

    84MB

  • Sample

    220927-qh2bqsefdr

  • MD5

    a354d5d832f5a63c996be3ba24f3793c

  • SHA1

    0eeabbd3654bcb95615ede909eca7f1d8cb1465e

  • SHA256

    bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2

  • SHA512

    f745d04cae393227b344c4fe4ba1d9bdc36058527c1621fd38d19ccc6bdeb15dd4251e66e6db9a88ec41dd59ddf3de357920e58980ca089119416d92c9fc90fc

Malware Config

Targets

    • Target

      Skype-8.88.0.401.exe

    • Size

      84MB

    • MD5

      a354d5d832f5a63c996be3ba24f3793c

    • SHA1

      0eeabbd3654bcb95615ede909eca7f1d8cb1465e

    • SHA256

      bd4ed965fbab660df571953482137e91a5af1a23c8a471b583d87e65266f64b2

    • SHA512

      f745d04cae393227b344c4fe4ba1d9bdc36058527c1621fd38d19ccc6bdeb15dd4251e66e6db9a88ec41dd59ddf3de357920e58980ca089119416d92c9fc90fc

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix

Collection

    Command and Control

      Credential Access

        Defense Evasion

        Execution

          Exfiltration

            Impact

              Initial Access

                Lateral Movement

                  Persistence

                    Privilege Escalation