Resubmissions

08-12-2023 09:55

231208-lx8bdaae24 10

05-02-2022 10:42

220205-mrwwtsagan 10

General

  • Target

    be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45

  • Size

    472KB

  • Sample

    231208-lx8bdaae24

  • MD5

    f500b424c560f00ccd993a46e4b9fcfa

  • SHA1

    d1da2bb6a020462d5d7ac6301395e10d2acb6b17

  • SHA256

    be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45

  • SHA512

    65018b4c441db4b618a988cb6d9fa46bcfd2754af244e9d1d309295ba1d2477dd1ea6609214bc7d725b3576b4232c81fa260873357652b89529f0dabd6fd14d0

  • SSDEEP

    12288:zayK7dYtaR2FV9DAuuasxaunyIVTyMAzj:zxPta+jmnlVTIzj

Malware Config

Extracted

Family

zloader

Botnet

April24misha

Campaign

April24misha

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

Attributes
  • build_id

    122

rc4.plain

Targets

    • Target

      be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45

    • Size

      472KB

    • MD5

      f500b424c560f00ccd993a46e4b9fcfa

    • SHA1

      d1da2bb6a020462d5d7ac6301395e10d2acb6b17

    • SHA256

      be3d1522f968ad7cc46a996a64b5e5be8044075f6bd1784046e46671bf416b45

    • SHA512

      65018b4c441db4b618a988cb6d9fa46bcfd2754af244e9d1d309295ba1d2477dd1ea6609214bc7d725b3576b4232c81fa260873357652b89529f0dabd6fd14d0

    • SSDEEP

      12288:zayK7dYtaR2FV9DAuuasxaunyIVTyMAzj:zxPta+jmnlVTIzj

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks