Resubmissions

08-12-2023 11:25

231208-njeg9abd25 10

31-10-2020 10:26

201031-67r2e9htne 10

General

  • Target

    april17.zip

  • Size

    339KB

  • Sample

    231208-njeg9abd25

  • MD5

    2b9dbe477989a3423cc772bfec1ccd24

  • SHA1

    dc61fa01eb809375185d2f9ffe39b0f689829c83

  • SHA256

    5a5948b7d3be846d561f5b6631715e3ab3f25b129519b2305a18b6169372fb9a

  • SHA512

    4bdf00ce026015ab22afd3158ce54c7900ad978cd50285d386bb91beb06b0050ecfa4b0cef25d68874a92af400434fb5a3c4707a2c0d146e087b93cc24ce2185

  • SSDEEP

    6144:qUJd+IOxlSmWZBDU8+R35RyEQQllsRT83reYyYj+78+tMIpfef9K6Y:ZJoIGlSmi7C5RyEQQI98QYj89ef9K6Y

Malware Config

Extracted

Family

zloader

Botnet

apr17

Campaign

spam

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://ojnxjgfjlftfkkuxxiqd.com/post.php

http://pwkqhdgytsshkoibaake.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fyratyubvflktyyjiqgq.com/post.php

Attributes
  • build_id

    108

rc4.plain

Targets

    • Target

      april17.dll

    • Size

      446KB

    • MD5

      cd39fa1ea4f0c4c9c2dd8492ff597250

    • SHA1

      8bae4934e78c738ed60f631bc67db34604d35818

    • SHA256

      372bae872e2a2180f04ff14f8fb9f769d733cb4608d37e2bf6e61fee5d396018

    • SHA512

      a0d3d131f1be227c6617fdea3a79c0c07427fa855273534951cd6da87d49a7fabf636ae4e109541e680536920fb2a4cfc48b961ff10e2ad13e81adb396dc1371

    • SSDEEP

      6144:t1/Zy7Ge5qC9axTeJNZ/AuVEpsm8uchgwgKFV0HgdLtF23JQUWjlRdvJ:tZ33fiNZI6m4330HQf24dvJ

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks