Resubmissions

  • 08-12-2023 10:30

    231208-mj7y5aaf75 10

  • 13-03-2022 04:08

    220313-eqel6aeddm 1

General

  • Target

    zloader.dll

  • Size

    472KB

  • Sample

    231208-mj7y5aaf75

  • MD5

    dea7ef874f21922114e030ab165635e4

  • SHA1

    478431cb35563783340cbfd69f5eef74a808f5bf

  • SHA256

    d538dfafbdf6ac115c24dbdd68c65dbef6460808dd2c4f3fc01d5e15bfc2f902

  • SHA512

    eab49f24a3b6772dcf753bd31119eb1c3d863c15dfce577fcd52c2688d18364d6708e40f53d76bf59747f592ada8b71be24f4bb52fb69ebbc07927fe0bee60fe

  • SSDEEP

    12288:zayq7dYtaR2FV9DAuuasxaunyIVTyMAzj:zxvta+jmnlVTIzj

Malware Config

Extracted

Family

zloader

Botnet

April24misha

Campaign

April24misha

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

Attributes

  • build_id

    122

rc4.plain

Targets

    • Target

      zloader.dll

    • Size

      472KB

    • MD5

      dea7ef874f21922114e030ab165635e4

    • SHA1

      478431cb35563783340cbfd69f5eef74a808f5bf

    • SHA256

      d538dfafbdf6ac115c24dbdd68c65dbef6460808dd2c4f3fc01d5e15bfc2f902

    • SHA512

      eab49f24a3b6772dcf753bd31119eb1c3d863c15dfce577fcd52c2688d18364d6708e40f53d76bf59747f592ada8b71be24f4bb52fb69ebbc07927fe0bee60fe

    • SSDEEP

      12288:zayq7dYtaR2FV9DAuuasxaunyIVTyMAzj:zxvta+jmnlVTIzj

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks