Resubmissions

10-08-2023 17:09

230810-vn35qsfe85 10

10-08-2023 16:29

230810-ty96csgg4t 10

07-07-2021 20:32

210707-5mqmkk4eyx 10

General

  • Target

    1f41fd3e96ef1c1328d08ced03ac5e1b717a45cda8cf94a1c4ffe775e43623b8.dll

  • Size

    172KB

  • Sample

    230810-vn35qsfe85

  • MD5

    2297dee946320ce03b8db35b1ae6462d

  • SHA1

    5958e724e5cceca807531b2b1ea4b18a2a8698dd

  • SHA256

    1f41fd3e96ef1c1328d08ced03ac5e1b717a45cda8cf94a1c4ffe775e43623b8

  • SHA512

    560b1f80b5e96ae8281bbea2271476a2a38d6c55b231c4e5594d9581cf5cb0bdcfffb1cd02b4aca4249eb0e21b15ee48391c02d7170dfad410ae591243ff5188

  • SSDEEP

    3072:EoUF1YzA5/iJ+PG6qOP3SCmNTxJ43nPNntucoYBqCWCpJw6vS5dTGzpsf4eP4:OQJ2P3nmpxAzoSqBC162feg

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://dssdffsdf.drld/mm.php

Attributes
  • build_id

    43

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      1f41fd3e96ef1c1328d08ced03ac5e1b717a45cda8cf94a1c4ffe775e43623b8.dll

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext
