Resubmissions

23-01-2024 11:25

240123-njkn9saeb5 10

26-06-2020 08:43

200626-2199vtd32x 10

General

  • Target

    JEsNEuI.dll

  • Size

    356KB

  • Sample

    240123-njkn9saeb5

  • MD5

    9eea7a0571baf33fa6877e8f8ebb3ad7

  • SHA1

    9a7738f3f73d78d9fe18ba5401081d27f4222c8d

  • SHA256

    121d7fc3a0a43a6ef4b73f564175b92727281155b221ff6f34c00d73438b679e

  • SHA512

    90b6440f8c0fd2946eb5e47882aaf6b608fc900e9684daf4da74579d8863e83d26be7d27e2e074a98fdf631f2e9d44bc3e79a619ef88db009ade73516afa3e94

  • SSDEEP

    6144:IOA9EZYHHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZgAFPtkI751OnrRbOJ1P

Malware Config

Extracted

Family

zloader

Botnet

june25

Campaign

june

C2

http://snnmnkxdhflwgthqismb.com/web/post.php

http://nlbmfsyplohyaicmxhum.com/web/post.php

http://softwareserviceupdater1.com/web/post.php

http://softwareserviceupdater2.com/web/post.php

Attributes

  • build_id

    9

rc4.plain
rsa_pubkey.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks