Resubmissions

  • 04-08-2023 09:59  230804-lz5y2aad94  10
  • 03-08-2023 16:52  230803-vdwb5sfh5t  10
  • 06-11-2020 00:36  201106-mvjrspwr32  10

General

  • Target: n4.exe
  • Size: 285KB
  • Sample: 230804-lz5y2aad94
  • MD5: bcdae9f51c056a8bdfda1ab7dd9291f9
  • SHA1: e25e061296177376ffb63a8679dab6294609d436
  • SHA256: d0bef870592d1095d72178c27b2ce81dc94163aa30fa0742d6d428a1485ae459
  • SHA512: 06e2843889fdc5106af1e92047f14b49c01b1d6601225083f370fee355d58d7ea1d180ade81fde03d10b752fba0a4096193edfae5360473af5dcd930b67109b9
  • SSDEEP: 3072:fjnDk9LzxWoER2GsQjMBiaf/UABDjX8guvrJ6tAQBRhxBhWdGrOJhjNS6O:fbwVxWo8sQIBiYTDjru16NOJhC

Malware Config

Extracted

  • Family: zloader
  • Botnet: r2
  • Campaign: r2

C2

Attributes

  • build_id: 136

rc4.plain
rsa_pubkey.plain

Targets

  • Suspicious use of NtCreateUserProcessOtherParentProcess
  • Zloader, Terdot, DELoader, ZeusSphinx: Zloader is a malware strain that was initially discovered back in August 2015.
  • Suspicious use of SetThreadContext
