Resubmissions

08-12-2023 09:42

231208-lpedbsad63 10

03-05-2022 14:52

220503-r8w1dacbaq 10

General

  • Target: 3b15e508148ba5ce4b81a242102621ddc2211d0add67b08848e21efe8607e8ff
  • Size: 175KB
  • Sample: 231208-la4pnsbe7v
  • MD5: e4832c37e76f842e250f9e4ba5e06b75
  • SHA1: 23f37f0b0bc6bd27a4292b1631e30fff21bc3895
  • SHA256: 3b15e508148ba5ce4b81a242102621ddc2211d0add67b08848e21efe8607e8ff
  • SHA512: 8b049fdb6405435e1da218c7d21744c599ecc614def4d99e7622457635f32daf0536a68610f23f8c9a3ca1d492dd08df4a0bb19791b8903d013389e506ef5f27
  • SSDEEP: 3072:spLemeTM07RH+Rej3a6BDMua5efCtCgCo8ioXoRz:0LteTL+Rk3a6BDk5UoN8

Malware Config

Extracted

Family

zloader

Botnet

CanadaLoads

Campaign

Nerino

C2


Attributes
  • build_id: 75

rc4.plain
rsa_pubkey.plain

Targets


    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks