General

  • Target

    c7663882fa3b46b2c6891c9e1b115947

  • Size

    520KB

  • Sample

    231222-ryjx3aecd5

  • MD5

    c7663882fa3b46b2c6891c9e1b115947

  • SHA1

    85ea0744575b4118c2cdba01f1d5a31b1a5867e9

  • SHA256

    6826c4062dbe85a036f22fb3ee3b7d62da7890b838cfeb3cb1d4b8ccbd32a12f

  • SHA512

    160f08511701740eb33bd620e6436986b4ff54692a30068df3ff1abe619a0e4a54aaa2b869f80723b222d746adab79261c34d1df80a02ebc25ba370229e0a104

  • SSDEEP

    12288:TwiHA7XwRDCnt1lID75Y63DumlkY5zGY/oe0XFDMpPyXz:TwiHALwtCnt7K7HDumqY5zGkZ0SZyD

Malware Config

Extracted

Family

zloader

Botnet

vasja

Campaign

vasja

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      c7663882fa3b46b2c6891c9e1b115947

    • Size

      520KB

    • MD5

      c7663882fa3b46b2c6891c9e1b115947

    • SHA1

      85ea0744575b4118c2cdba01f1d5a31b1a5867e9

    • SHA256

      6826c4062dbe85a036f22fb3ee3b7d62da7890b838cfeb3cb1d4b8ccbd32a12f

    • SHA512

      160f08511701740eb33bd620e6436986b4ff54692a30068df3ff1abe619a0e4a54aaa2b869f80723b222d746adab79261c34d1df80a02ebc25ba370229e0a104

    • SSDEEP

      12288:TwiHA7XwRDCnt1lID75Y63DumlkY5zGY/oe0XFDMpPyXz:TwiHALwtCnt7K7HDumqY5zGkZ0SZyD

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks