General

  • Target

    271680d72e97c7ee7936ffc8e994f708.exe

  • Size

    689KB

  • Sample

    240105-nxb92sahaj

  • MD5

    271680d72e97c7ee7936ffc8e994f708

  • SHA1

    f39d2ed351771f80e3cd9f19a7cd30eee2460e70

  • SHA256

    6435db4782e79e8dd7417aa590b965abf468c5caa9d37ed7aa9467177ad804f7

  • SHA512

    dd03c49996e09a52e1eea57d1388bf194d728f4e5f28527128add9a929857ba783d82c7189794258e8b32394a1fd4334fbefad81bde8dd4bfc798362900d4bfe

  • SSDEEP

    6144:ueyXB/ISOdA5cIEFatAIG1YA4yv4eMOVQZY5Fy8rfjuUeinhnBCh:BGISOd2ftA9YkVoZYPy8rfjuUeinhnB2

Malware Config

Extracted

Family

zloader

Botnet

ivan

Campaign

ivan

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes
  • build_id

    157

  • rc4.plain

  • rsa_pubkey.plain
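The extracted config above is only useful once it is turned into something a SOC can match on. The script below is an added example (not part of the sandbox report or any Tria.ge tooling): it parses the report's own config text, sanity-checks the file hashes, derives the C2 hostnames, emits Suricata DNS and TLS-SNI rules for them, and runs the domain list over a few constructed resolver log lines. The sid range and the log line format are assumptions; because every C2 URL is HTTPS, the /gate.php path is not visible on the wire without TLS interception, so the rules key on DNS queries and SNI rather than on HTTP content.

```python
"""Hunt artifacts from the Zloader config in the report above (added example)."""
import re
from urllib.parse import urlparse

# Config text copied verbatim from the report's Malware Config section.
EXTRACTED_CONFIG = """
Family
zloader
Botnet
ivan
Campaign
ivan
C2
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Attributes
build_id
157
"""

# File hashes copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "271680d72e97c7ee7936ffc8e994f708",
    "sha1": "f39d2ed351771f80e3cd9f19a7cd30eee2460e70",
    "sha256": "6435db4782e79e8dd7417aa590b965abf468c5caa9d37ed7aa9467177ad804f7",
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
CONFIG_KEYS = {"Family", "Botnet", "Campaign", "C2", "Attributes", "build_id"}


def parse_config(text):
    """Parse the report's one-item-per-line layout into a dict; C2 becomes a list."""
    cfg = {"C2": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in CONFIG_KEYS:
            key = line
        elif key == "C2":
            cfg["C2"].append(line)
        elif key is not None:
            cfg[key] = line
    return cfg


def validate_hashes(hashes):
    """Return the algorithms whose value is not lowercase hex of the expected length."""
    return [algo for algo, value in hashes.items()
            if not re.fullmatch(r"[0-9a-f]{%d}" % HEX_LENGTHS[algo], value)]


def c2_domains(cfg):
    """Hostnames of the C2 URLs, sorted; the URL path is not observable under TLS."""
    return sorted({urlparse(url).hostname for url in cfg["C2"]})


def suricata_rules(cfg, sid_base=9000000):
    """One DNS-query rule and one TLS-SNI rule per C2 domain (sid_base is an assumed local range)."""
    rules = []
    sid = sid_base
    tag = f"{cfg['Family']} {cfg['Botnet']} build {cfg['build_id']}"
    for domain in c2_domains(cfg):
        rules.append(
            f'alert dns any any -> any any (msg:"{tag} C2 DNS {domain}"; '
            f'dns.query; content:"{domain}"; nocase; endswith; sid:{sid}; rev:1;)'
        )
        sid += 1
        rules.append(
            f'alert tls $HOME_NET any -> $EXTERNAL_NET any (msg:"{tag} C2 SNI {domain}"; '
            f'tls.sni; content:"{domain}"; nocase; endswith; sid:{sid}; rev:1;)'
        )
        sid += 1
    return rules


def match_dns_log(cfg, log_lines):
    """Return (host, query) pairs whose query is a C2 domain or a subdomain of one."""
    domains = c2_domains(cfg)
    hits = []
    for line in log_lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        q = fields.get("query", "").lower().rstrip(".")  # strip trailing root dot
        if any(q == d or q.endswith("." + d) for d in domains):
            hits.append((fields.get("host"), q))
    return hits


# Constructed resolver log lines (not from the report) to exercise the matcher.
CONSTRUCTED_DNS_LOG = [
    "ts=2024-01-05T13:00:01Z host=ws12 query=iqowijsdakm.com. type=A",
    "ts=2024-01-05T13:00:02Z host=ws12 query=www.microsoft.com type=A",
    "ts=2024-01-05T13:00:09Z host=ws07 query=cdn.odoishsaj.com type=A",
]

if __name__ == "__main__":
    cfg = parse_config(EXTRACTED_CONFIG)
    print("bad hashes:", validate_hashes(SAMPLE_HASHES))
    print("\n".join(suricata_rules(cfg)))
    print(match_dns_log(cfg, CONSTRUCTED_DNS_LOG))
```

The subdomain check matters because a C2 operator can point any label under the registered domain at the gate; matching only the exact hostname would miss it. The hash check is a guard against the copy-and-paste truncation that routinely creeps into IOC feeds.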

Targets

    • Target

      271680d72e97c7ee7936ffc8e994f708.exe

    • Size

      689KB

    • MD5

      271680d72e97c7ee7936ffc8e994f708

    • SHA1

      f39d2ed351771f80e3cd9f19a7cd30eee2460e70

    • SHA256

      6435db4782e79e8dd7417aa590b965abf468c5caa9d37ed7aa9467177ad804f7

    • SHA512

      dd03c49996e09a52e1eea57d1388bf194d728f4e5f28527128add9a929857ba783d82c7189794258e8b32394a1fd4334fbefad81bde8dd4bfc798362900d4bfe

    • SSDEEP

      6144:ueyXB/ISOdA5cIEFatAIG1YA4yv4eMOVQZY5Fy8rfjuUeinhnBCh:BGISOd2ftA9YkVoZYPy8rfjuUeinhnB2

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader (also tracked as Terdot, DELoader and ZeusSphinx) is a banking trojan derived from the leaked Zeus source code and first observed in August 2015.
