Resubmissions

24-01-2024 07:41

240124-jh881sdbd8 10

23-01-2024 11:54

240123-n22qhahhfj 10

24-06-2020 14:53

200624-jtkdx94cps 10

General

  • Target

    SecuriteInfo.com.Variant.Johnnie.255811.4892.11381

  • Size

    424KB

  • Sample

    240124-jh881sdbd8

  • MD5

    fc33761a594599efe5617c8359531b38

  • SHA1

    c85e06833ba3a037e3685dd05308ef98e2c72e82

  • SHA256

    c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e

  • SHA512

    5566c9fbf50ad90db1b6f0ef66e56273acfe64d4855caf818ec1caf208016688c64cef75bfd58e1dcf2883a99576a717a26c39e55af003dd87d15eb2c4ed6824

  • SSDEEP

    6144:kQ0fpRug1NzpAhY2Zgi1ny2YT2oqCesyq+V6pDDW3FdREH5gH+xWz1:kQ0Rsg58Yti9y2voyskVmO3BlH+W

Malware Config

Extracted

  • Family

    zloader

  • Botnet

    June18newret

  • Campaign

    June

  • C2

    http://snnmnkxdhflwgthqismb.com/web/post.php

    http://nlbmfsyplohyaicmxhum.com/web/post.php

    http://softwareserviceupdater1.com/web/post.php

    http://softwareserviceupdater2.com/web/post.php

Attributes

  • build_id

    3

  • rc4.plain

  • rsa_pubkey.plain

Targets

    • Target

      SecuriteInfo.com.Variant.Johnnie.255811.4892.11381

    • Size

      424KB

    • MD5

      fc33761a594599efe5617c8359531b38

    • SHA1

      c85e06833ba3a037e3685dd05308ef98e2c72e82

    • SHA256

      c8b452572f409a7d0752734334371c900983c8e15cbf8299bda7fe7a33a1047e

    • SHA512

      5566c9fbf50ad90db1b6f0ef66e56273acfe64d4855caf818ec1caf208016688c64cef75bfd58e1dcf2883a99576a717a26c39e55af003dd87d15eb2c4ed6824

    • SSDEEP

      6144:kQ0fpRug1NzpAhY2Zgi1ny2YT2oqCesyq+V6pDDW3FdREH5gH+xWz1:kQ0Rsg58Yti9y2voyskVmO3BlH+W

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was first discovered in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks