General

  • Target

    56079ea11cb3fce2a34fdf0a81deecc5

  • Size

    409KB

  • Sample

    240112-kxgb8achfl

  • MD5

    56079ea11cb3fce2a34fdf0a81deecc5

  • SHA1

    38475dc6871d88b3c9070f4e55f8c44a07b7dca3

  • SHA256

    c75f4e1fd464e21826c37e5abf7fed93b48c721625f700f49aa71cbce377ee8a

  • SHA512

    62881541d2f549475cb3a2026c1f53b2704834a5b5b2af154135b328347de690a4e4b23f047db85745a4b106b7ba541a854f91e0a8ff21255cb5df47aeda4e50

  • SSDEEP

    12288:jS5WNqciJOAzgUOksgh/Zuss/p5V0noFJwhNUy:jS5WNqM1UOqFZusIpYe

Malware Config

Extracted

Family

zloader

Botnet

hvnc

Campaign

hvnc

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain
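The extracted config above is mainly useful for detection: ten C2 gate domains, all serving `/gate.php` over HTTPS. The following script is an added example (not part of this report or of any sandbox tooling) that turns that list into two detections: a sweep over proxy logs that flags any client contacting a listed domain or one of its subdomains, and a set of Suricata TLS-SNI rules. The proxy log lines, the Suricata `sid` range and the rule message text are constructed for the example; the `rc4.plain` and `rsa_pubkey.plain` values are not shown on this page, so no attempt is made to decode gate traffic.

```python
"""Turn the Zloader C2 list extracted above into detections: scan proxy logs
for the gate domains and emit Suricata TLS-SNI rules. Added example; the log
lines and the Suricata sid range are constructed, not taken from the report."""
import re
from urllib.parse import urlsplit

# C2 gate URLs exactly as listed in the extracted config above.
C2_URLS = [
    "https://iqowijsdakm.com/gate.php",
    "https://wiewjdmkfjn.com/gate.php",
    "https://dksaoidiakjd.com/gate.php",
    "https://iweuiqjdakjd.com/gate.php",
    "https://yuidskadjna.com/gate.php",
    "https://olksmadnbdj.com/gate.php",
    "https://odsakmdfnbs.com/gate.php",
    "https://odsakjmdnhsaj.com/gate.php",
    "https://odjdnhsaj.com/gate.php",
    "https://odoishsaj.com/gate.php",
]


def c2_domains(urls=C2_URLS):
    """Lower-cased hosts from the gate URLs, de-duplicated, order preserved."""
    seen = []
    for u in urls:
        h = urlsplit(u).hostname.lower()
        if h not in seen:
            seen.append(h)
    return seen


def matching_domain(host, domains):
    """Return the C2 domain that `host` equals or is a subdomain of, else None.
    'www.odjdnhsaj.com' matches; 'notodjdnhsaj.com' must not."""
    host = host.lower().rstrip(".")
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None


# Constructed proxy log lines (squid-style: timestamp client method url status).
# Only the three lines touching a listed gate domain should fire.
SAMPLE_LOG = """\
2024-01-12T10:14:03Z 10.0.0.17 CONNECT iqowijsdakm.com:443 200
2024-01-12T10:14:04Z 10.0.0.17 POST https://iqowijsdakm.com/gate.php 200
2024-01-12T10:14:09Z 10.0.0.22 GET https://example.com/index.html 200
2024-01-12T10:15:30Z 10.0.0.17 POST https://www.odjdnhsaj.com/gate.php 404
2024-01-12T10:16:02Z 10.0.0.31 GET https://notodjdnhsaj.com/ 200
garbage line that does not parse
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$")


def _host_and_path(method, url):
    # CONNECT targets are bare host:port; urlsplit would misread the host as a scheme.
    if method == "CONNECT":
        return url.rsplit(":", 1)[0], ""
    p = urlsplit(url)
    return (p.hostname or ""), p.path


def scan_log(text, urls=C2_URLS):
    """One hit per log line whose destination is a C2 domain.
    `gate` is True only when the path is /gate.php. A non-intercepting proxy
    never sees the path of an HTTPS request, so CONNECT-only hits still count."""
    domains = c2_domains(urls)
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than abort the sweep
        host, path = _host_and_path(m["method"], m["url"])
        d = matching_domain(host, domains)
        if d:
            hits.append({"ts": m["ts"], "src": m["src"], "host": host,
                         "domain": d, "gate": path == "/gate.php"})
    return hits


def infected_clients(hits):
    """Distinct internal sources seen talking to any C2 domain."""
    return sorted({h["src"] for h in hits})


def suricata_sni_rules(urls=C2_URLS, base_sid=1000000):
    """One TLS SNI rule per C2 domain; the sid range is a placeholder to adjust."""
    rules = []
    for i, d in enumerate(c2_domains(urls)):
        rules.append(
            "alert tls $HOME_NET any -> $EXTERNAL_NET any "
            f'(msg:"Zloader C2 SNI {d}"; tls.sni; content:"{d}"; nocase; endswith; '
            f"sid:{base_sid + i}; rev:1;)")
    return rules


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for h in hits:
        print(h)
    print("clients:", infected_clients(hits))
    print("\n".join(suricata_sni_rules()))
```

Two details matter in practice. Subdomain matching is done on a dot boundary, so a look-alike such as `notodjdnhsaj.com` does not fire, while `www.odjdnhsaj.com` does. And because every gate is HTTPS, the `/gate.php` path is only visible on a TLS-intercepting proxy; on plain proxy logs or NetFlow you only get the `CONNECT` or the SNI, which is why the Suricata rules key on `tls.sni` rather than on the path.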

Targets

    • Target

      56079ea11cb3fce2a34fdf0a81deecc5

    • Size

      409KB

    • MD5

      56079ea11cb3fce2a34fdf0a81deecc5

    • SHA1

      38475dc6871d88b3c9070f4e55f8c44a07b7dca3

    • SHA256

      c75f4e1fd464e21826c37e5abf7fed93b48c721625f700f49aa71cbce377ee8a

    • SHA512

      62881541d2f549475cb3a2026c1f53b2704834a5b5b2af154135b328347de690a4e4b23f047db85745a4b106b7ba541a854f91e0a8ff21255cb5df47aeda4e50

    • SSDEEP

      12288:jS5WNqciJOAzgUOksgh/Zuss/p5V0noFJwhNUy:jS5WNqM1UOqFZusIpYe

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware family first observed in August 2015.

MITRE ATT&CK Matrix

Tasks