Resubmissions

09-11-2020 20:43

201109-j4enps2882 10

General

  • Target

    june9.dll

  • Size

    491KB

  • Sample

    231208-mylpfacb3w

  • MD5

    ac14aff179621af15cee44be450abeaf

  • SHA1

    506f12db29a31402f06d0ba84c359d6b20b6ab2f

  • SHA256

    0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5

  • SHA512

    7a8419a80c41c453ee7f1b9ea483c6eb83f80a02500983aad3e519ea59a46f68ed3f316073869ea5e01c1e46eedac92a36a5ba958995e60ee767e64669f1f25c

  • SSDEEP

    12288:uDKxKMk8ChMNo+e8kGOK9ab4ozUWdBENcYcj6D9r6W3FaOi:uDjMk8IMNYnGOSSjgW41QEv1aO

Malware Config

Extracted

Family

zloader

Botnet

June08

Campaign

June

C2

http://snnmnkxdhflwgthqismb.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

Attributes
  • build_id

    149

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      june9.dll

    • Size

      491KB

    • MD5

      ac14aff179621af15cee44be450abeaf

    • SHA1

      506f12db29a31402f06d0ba84c359d6b20b6ab2f

    • SHA256

      0829886e0ca34a32fa545e0a53d7a2208d963b7b826a14aefde94d9ff4f549e5

    • SHA512

      7a8419a80c41c453ee7f1b9ea483c6eb83f80a02500983aad3e519ea59a46f68ed3f316073869ea5e01c1e46eedac92a36a5ba958995e60ee767e64669f1f25c

    • SSDEEP

      12288:uDKxKMk8ChMNo+e8kGOK9ab4ozUWdBENcYcj6D9r6W3FaOi:uDjMk8IMNYnGOSSjgW41QEv1aO

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks