Resubmissions

  • 08-12-2023 11:29 · 231208-nlsgwsbd65 · 10
  • 08-12-2023 11:20 · 231208-nfveasbc54 · 10
  • 31-10-2020 11:20 · 201031-z3tgqqzt76 · 10

General

  • Target: spam20.zip
  • Size: 245KB
  • Sample: 231208-nfveasbc54
  • MD5: 68dba7849a17cedd2a01d83747361977
  • SHA1: 38ed165a12de392dce2ef71b1d03accb59add386
  • SHA256: 81ea4700e1743391fa6b56be2969c944c8451ec81215f7a0cbf88537e4108157
  • SHA512: 5bfed6c349a06f1d674a85a1d4343a7096ff97b400ad53347c44b7753c97a219f9207aedffcf7b7947fdbfddc7c2f63b6c48ce19fe91212684d06a91cfeaeff0
  • SSDEEP: 6144:Me8V9G8P+JAfrJ1sdmO9ieKxY/c3GvCLCe74TIa:Me8Vk8P+JSsALeKxY/PvCj7Ta

Malware Config

Extracted

  • Family: zloader
  • Botnet: crypto1
  • Campaign: crypto

  • C2: (list of extracted C2 URLs omitted)

Attributes

  • build_id: 110
  • rc4.plain

Targets

  • Target: spam20.dll
  • Size: 358KB
  • MD5: 6501006a6d47bc73976db9f3385c3c46
  • SHA1: 53082a7fa62dc4fe54586df6a6e481fe8beca1aa
  • SHA256: c55e3938e9c2c9d00235d8ed87a55adc18fa1c6377a9ee0fd6212916c67d0020
  • SHA512: df63e60f12d153e16b78464162dbd5d052192a1e09814eb91e21d28256a652ae04eb7ccdaf4022c95c9779edfbe15df7a708717a1c247cfe2d16e8d9f911bf0c
  • SSDEEP: 6144:091kAIgU+wK4UrePimd2jGZFakdU8fLx1tK7IwyBfb7T0Y:090gUQe6dUFHU8pi6xb7T

Signatures

  • Zloader, Terdot, DELoader, ZeusSphinx: Zloader is a malware strain that was initially discovered back in August 2015.
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks