Resubmissions

08-12-2023 10:29

231208-mjmm7aaf64 10

04-03-2021 12:26

210304-3wfljytl3s 10

General

  • Target

    todxofs.dll

  • Size

    421KB

  • Sample

    231208-mjmm7aaf64

  • MD5

    f40160b2cfe0667cb4010a400a835a06

  • SHA1

    976c70ede8d10e825cb9e5bd5da0dd2a251bd0e8

  • SHA256

    d63088780e90eda6a7ce286d6b190614f0ea6f1f55c6e6e9d6a30260eb84d03c

  • SHA512

    e919819cdc45b2ed93c69f3f0267698940ee316707f6a722697100bfa79da9d277667c0276f36ba47f62dea8855e18e0e8ffaf5a708b369d73d2961b9fdfc3b4

  • SSDEEP

    6144:tZXN7Sgy8WA3gha780p2F2V6voOy5Gn7n0O8N5WYeXmseY1rmWd2KWJ:tjSgyhA30a78rQqIN5te20qWd2KWJ

Malware Config

Extracted

Family

zloader

Botnet

April23Fixed

Campaign

April23Fixed

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

Attributes
  • build_id

    120

rc4.plain

Targets

    • Target

      todxofs.dll

    • Size

      421KB

    • MD5

      f40160b2cfe0667cb4010a400a835a06

    • SHA1

      976c70ede8d10e825cb9e5bd5da0dd2a251bd0e8

    • SHA256

      d63088780e90eda6a7ce286d6b190614f0ea6f1f55c6e6e9d6a30260eb84d03c

    • SHA512

      e919819cdc45b2ed93c69f3f0267698940ee316707f6a722697100bfa79da9d277667c0276f36ba47f62dea8855e18e0e8ffaf5a708b369d73d2961b9fdfc3b4

    • SSDEEP

      6144:tZXN7Sgy8WA3gha780p2F2V6voOy5Gn7n0O8N5WYeXmseY1rmWd2KWJ:tjSgyhA30a78rQqIN5te20qWd2KWJ

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks