Resubmissions

08-12-2023 09:45

231208-lq6tzaad79 10

05-02-2022 17:17

220205-vtswysdfc3 10

General

  • Target

    2f2670e8a7845cf300320415c6a16ffc34e662672f16d7cfcf5b911d088516d9

  • Size

    358KB

  • Sample

    231208-lq6tzaad79

  • MD5

    8bb66e279a58af871180adbb29e41f4f

  • SHA1

    446cfe9fa815951085e4e587dd272911b9e5d32b

  • SHA256

    2f2670e8a7845cf300320415c6a16ffc34e662672f16d7cfcf5b911d088516d9

  • SHA512

    bb114ac54bcc95f1b465ec33400eead469ca97b5f9b8115bc9eb8016f07fa568cf2d0ef570d3f7b1301a44f1daf19b4c8e279fab892facd750601a45b6788204

  • SSDEEP

    6144:091kAIgU+wKjUrePimd2jGZFakdU8fLx1tK7IwyBfb7T0Y:090gUBe6dUFHU8pi6xb7T

Malware Config

Extracted

Family

zloader

Botnet

crypto1

Campaign

crypto

C2


Attributes
  • build_id

    110

rc4.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first discovered in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks