Resubmissions

18-05-2024 14:39

240518-r1dttsgc3s 6

General

  • Target

    4d68507752275a8607502b0ae14ef9a1_JaffaCakes118

  • Size

    268KB

  • Sample

    240516-2tpb4acf4v

  • MD5

    4d68507752275a8607502b0ae14ef9a1

  • SHA1

    4e13b8267ca39e41b9dbf88dc3123fed37e409c0

  • SHA256

    6fee95a3e283d9ad09a399e99b086ef70c3679eb8ad548161bdfababe3da68fb

  • SHA512

    bbebbd027af9e953141efecbfde31137735d58e54ff26966475570c7414ddc03ee53636011fad404d60c8df0031a79d5f2b858819ded59428ead93a5d9732849

  • SSDEEP

    6144:dI4M7nO35HbqtMFurLa8BqUlv8TqE4TvLOJ5tEpo6LlE7:aj6qsE8UVk4TotEpNLlE

Malware Config

Extracted

Family

zloader

Botnet

saca

Campaign

adw2

C2

https://thoughtlibrary.top/library/topikpost.php

https://islacangrejo.fun/library/topikpost.php

Attributes
  • build_id

    1970759022

rc4.plain

Targets

    • Target

      4d68507752275a8607502b0ae14ef9a1_JaffaCakes118

    • Size

      268KB

    • MD5

      4d68507752275a8607502b0ae14ef9a1

    • SHA1

      4e13b8267ca39e41b9dbf88dc3123fed37e409c0

    • SHA256

      6fee95a3e283d9ad09a399e99b086ef70c3679eb8ad548161bdfababe3da68fb

    • SHA512

      bbebbd027af9e953141efecbfde31137735d58e54ff26966475570c7414ddc03ee53636011fad404d60c8df0031a79d5f2b858819ded59428ead93a5d9732849

    • SSDEEP

      6144:dI4M7nO35HbqtMFurLa8BqUlv8TqE4TvLOJ5tEpo6LlE7:aj6qsE8UVk4TotEpNLlE

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks