Resubmissions

  • 23-01-2024 11:21: 240123-nf6gkaaea6 10

  • 01-07-2020 07:49: 200701-87235lf94e 10

General

  • Target: june30.dll

  • Size: 607KB

  • Sample: 240123-nf6gkaaea6

  • MD5: 086e1c7401f82543d162ebaef816ef35

  • SHA1: 25fbe1ef6ed713011a02cd6fc930105d4f612130

  • SHA256: b8cef342a47915615a35aab7333567db7c86570d4d3362470e19b6d0b3dab1af

  • SHA512: be9bd937ef926cab65ada2f4103642993ae1428fa6b9a83f9824cc4f10cb07354954fa948a5d9b2c83ac79f7ac04269d9fb3ac8f21e46c53fdb2b4dd39c726f7

  • SSDEEP: 12288:p+gJA98D0ogyQT7x1wn6UIxsuAmHdbL69ZqQB02iMQ/t:pu8DRgHLC6UyzZWJB02iMQ/

Malware Config

Extracted

  • Family: zloader

  • Botnet: june29

  • Campaign: june

  • C2:

    http://snnmnkxdhflwgthqismb.com/web/post.php

    http://nlbmfsyplohyaicmxhum.com/web/post.php

    http://softwareserviceupdater1.com/web/post.php

    http://softwareserviceupdater2.com/web/post.php

Attributes

  • build_id: 11

  • rc4.plain

  • rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx: Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks