General

  • Target

    348d6fd40a9e79a681048999873af548

  • Size

    242KB

  • Sample

    231231-np7qzshgb6

  • MD5

    348d6fd40a9e79a681048999873af548

  • SHA1

    069f292e298dabc97a7946c25b8833abf0783dc1

  • SHA256

    6819b89e1dba92ee4c6eaa7e35880a6d8e1b51047ec4fed392d29a9aeb8e36b7

  • SHA512

    7d75ff10763fbf72f0b6a13dbb8f429b6820379f118afd303dad2e2e9c358ea1d220a3afe05d5d949608ee39135f86b27dede86c9062b0ee5b98d0b1591b001e

  • SSDEEP

    6144:ZxCiChT9gxwFEmD3bd9IyGc+9vEq98HEotdQEkFNvJh:ZxCz9tFfD3xT+cq9QdQdFNvn

Malware Config

Extracted

Family

zloader

Botnet

ivan

Campaign

ivan

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      348d6fd40a9e79a681048999873af548

    • Size

      242KB

    • MD5

      348d6fd40a9e79a681048999873af548

    • SHA1

      069f292e298dabc97a7946c25b8833abf0783dc1

    • SHA256

      6819b89e1dba92ee4c6eaa7e35880a6d8e1b51047ec4fed392d29a9aeb8e36b7

    • SHA512

      7d75ff10763fbf72f0b6a13dbb8f429b6820379f118afd303dad2e2e9c358ea1d220a3afe05d5d949608ee39135f86b27dede86c9062b0ee5b98d0b1591b001e

    • SSDEEP

      6144:ZxCiChT9gxwFEmD3bd9IyGc+9vEq98HEotdQEkFNvJh:ZxCz9tFfD3xT+cq9QdQdFNvn

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

MITRE ATT&CK Matrix

Tasks