Resubmissions

  23-01-2024 11:22    240123-ng2j1ahgel    score 10
  26-06-2020 17:36    200626-xs19z3xc5a    score 10

General

  • Target

    SecuriteInfo.com.BScope.TrojanSpy.Ursnif.27559

  • Size

    426KB

  • Sample

    240123-ng2j1ahgel

  • MD5

    95d3b622d696c1a31dbef624a2e47163

  • SHA1

    8a1c5a4f794af421e7b54471ed7f4a62212721a0

  • SHA256

    f84e08a4d83f63cb37f7117f401c242ecbd3ebbd6b7a12fb99332bcf5950f803

  • SHA512

    c3ac8a246e7d769faa21f330c5c0a0fef4c4e33a6875478e43ee891f367e90fee3ea657b08ba338f6263e38b17efe69b7c5c1c86167afc871b9a20f251fd67d1

  • SSDEEP

    6144:gJf9uWKIWhnuEbXDcQ/MUF0140znw+i/ZEOEHDLDXRYWQ:g6Jhu0IQ/MUwcDENTQ

Malware Config

Extracted

  • Family

    zloader

  • Botnet

    june26

  • Campaign

    june

  • C2

    http://snnmnkxdhflwgthqismb.com/web/post.php
    http://nlbmfsyplohyaicmxhum.com/web/post.php
    http://softwareserviceupdater1.com/web/post.php
    http://softwareserviceupdater2.com/web/post.php

  • Attributes

    build_id: 10
    rc4.plain (value not included on this page)
    rsa_pubkey.plain (value not included on this page)
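Turning the extracted configuration into a check, as an added example (this is not part of the Triage report and not a vendor tool): the script below takes the four C2 URLs and the file hashes from this page, matches the C2 hosts against proxy log lines in an assumed "<timestamp> <client_ip> <method> <url> <status>" layout, and compares a file's digests against the report's values. The log lines are constructed for the example; only the URLs and hashes come from the page.

```python
"""Offline IOC check built from this report's extracted Zloader configuration.

Added example, not part of the original Triage report or of any vendor tool.
The proxy log layout and the log lines themselves are constructed for the
example; the C2 URLs and file hashes are copied verbatim from the report.
"""
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs from the "Malware Config" section above.
C2_URLS = [
    "http://snnmnkxdhflwgthqismb.com/web/post.php",
    "http://nlbmfsyplohyaicmxhum.com/web/post.php",
    "http://softwareserviceupdater1.com/web/post.php",
    "http://softwareserviceupdater2.com/web/post.php",
]

# File hashes of the analysed sample from the "General" section above.
SAMPLE_HASHES = {
    "md5": "95d3b622d696c1a31dbef624a2e47163",
    "sha1": "8a1c5a4f794af421e7b54471ed7f4a62212721a0",
    "sha256": "f84e08a4d83f63cb37f7117f401c242ecbd3ebbd6b7a12fb99332bcf5950f803",
}

# Hostnames and gate path derived from the C2 list; matching on the host
# also catches beacons to other paths on the same C2 server.
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}
C2_PATHS = {urlparse(u).path for u in C2_URLS}

# Assumed proxy log layout: "<timestamp> <client_ip> <method> <url> <status>".
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def find_c2_hits(lines):
    """Return one dict per log line whose URL host is a known Zloader C2.

    Lines that do not match the assumed layout are skipped rather than
    treated as hits, so a malformed line cannot fake a detection.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        parsed = urlparse(m["url"])
        host = (parsed.hostname or "").lower()
        if host not in C2_HOSTS:
            continue
        hits.append({
            "ts": m["ts"],
            "src": m["src"],
            "host": host,
            "method": m["method"],
            # True when the request used the exact gate path from the config.
            "gate_path": parsed.path in C2_PATHS,
        })
    return hits


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a file's contents, keyed like SAMPLE_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(hashes: dict) -> bool:
    """True if any supplied digest equals the report's digest for that algorithm."""
    return any(
        SAMPLE_HASHES.get(alg.lower()) == str(val).lower()
        for alg, val in hashes.items()
    )


# Constructed log lines (not real traffic): two beacons to the gate path,
# one request to a C2 host on a different path, one benign request and
# one malformed line.
CONSTRUCTED_LOG = [
    "2024-01-23T11:25:01Z 10.0.0.15 POST http://snnmnkxdhflwgthqismb.com/web/post.php 200",
    "2024-01-23T11:25:04Z 10.0.0.15 GET http://www.example.com/index.html 200",
    "2024-01-23T11:26:10Z 10.0.0.22 POST http://SoftwareServiceUpdater2.com/web/post.php 404",
    "2024-01-23T11:26:11Z 10.0.0.22 GET http://softwareserviceupdater1.com/favicon.ico 200",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for hit in find_c2_hits(CONSTRUCTED_LOG):
        print(f"{hit['ts']} {hit['src']} -> {hit['host']} "
              f"({'gate path' if hit['gate_path'] else 'other path'})")
    print("known sample:", is_known_sample({"SHA256": SAMPLE_HASHES["sha256"].upper()}))
```

Matching on the C2 host rather than the full URL is deliberate: a beacon to the same server on another path is still worth an alert. Both the hashes and the domains cover only this build (build_id 10, botnet june26); Zloader operators rotate domains between campaigns, so treat them as IOCs for this sample, not as a family-wide detection. The report's SSDEEP value is not compared here because that needs the ssdeep tool rather than the standard library.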

Targets

    • Target

      SecuriteInfo.com.BScope.TrojanSpy.Ursnif.27559


    • Zloader (aliases: Terdot, DELoader, ZeusSphinx)

      Zloader is a malware strain that was initially discovered back in August 2015. Note that the vendor detection label carried in the target filename (TrojanSpy.Ursnif) disagrees with the extracted configuration: the family identified from the decoded config (Zloader) is the more reliable attribution, and the botnet label june26 lines up with the first submission date of 26-06-2020.

    • Suspicious use of SetThreadContext

      The sample calls SetThreadContext, an API used to redirect a thread's execution in process hollowing and similar code-injection techniques.
