Resubmissions

23-01-2024 11:22

240123-ngnyxaaea7 10

29-06-2020 15:36

200629-evyae4waax 10

General

  • Target

    june29.dll

  • Size

    573KB

  • Sample

    240123-ngnyxaaea7

  • MD5

    33a58437b5bc8f91e08960d2faa5f559

  • SHA1

    f015e16c3847edd004aba53f358fe43b28c4f818

  • SHA256

    dd84bd6db3500e786976d5c10fd2388a46dd5c34f79abd5dff624b9a568637aa

  • SHA512

    0fa6349def8590aafc8badf198d1abc7e9f906eec5852088270e2ba11986a918ad6b620c2a545def82c694f340e05ed3a3ad89deb780cc7a23ead1b3f1930f42

  • SSDEEP

    12288:wqZWueyN5dS3ioH+5hM+2lraLDjxBRQPe1ZFeg7fQ5om6tc:wqZreyN5derQ/bRrZFdkM

Malware Config

Extracted

Family

zloader

Botnet

june29

Campaign

june

C2

http://snnmnkxdhflwgthqismb.com/web/post.php

http://nlbmfsyplohyaicmxhum.com/web/post.php

http://softwareserviceupdater1.com/web/post.php

http://softwareserviceupdater2.com/web/post.php

Attributes

  • build_id

    11

  • rc4.plain

  • rsa_pubkey.plain

Targets

    • Target

      june29.dll

    • Size

      573KB

    • MD5

      33a58437b5bc8f91e08960d2faa5f559

    • SHA1

      f015e16c3847edd004aba53f358fe43b28c4f818

    • SHA256

      dd84bd6db3500e786976d5c10fd2388a46dd5c34f79abd5dff624b9a568637aa

    • SHA512

      0fa6349def8590aafc8badf198d1abc7e9f906eec5852088270e2ba11986a918ad6b620c2a545def82c694f340e05ed3a3ad89deb780cc7a23ead1b3f1930f42

    • SSDEEP

      12288:wqZWueyN5dS3ioH+5hM+2lraLDjxBRQPe1ZFeg7fQ5om6tc:wqZreyN5derQ/bRrZFdkM

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first discovered in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks