General

  • Target

    74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533.exe

  • Size

    194KB

  • Sample

    240821-b7d56sxhkn

  • MD5

    09874cbb134851ff3b971960916ce5bb

  • SHA1

    42d32698f9513024f024eb6d1efcd9532ac1f622

  • SHA256

    74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533

  • SHA512

    502189cc108e8c8034d957a9b6b32c29731f9a4d0811ffd147ab3ff516144521c77234c1d114694b070965c4300f36410b607828cb961c56649e04cdd697ee05

  • SSDEEP

    3072:+ELHCmCilCQ9khN5/empqIDq2mKtku4V6TQX6jk8Z/lFcXqR6U:+ELIZQ9kz5/em/DqxKSgTQY3qtU

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

  • build_id

    125

  • rc4.plain

    e858071ef441a9a66f1a0506fc20b8c3

  • rsa_pubkey.plain

    -----BEGIN PUBLIC KEY-----
    MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgHpFzCGFAP0unkZ2zHNtVYQsOAsR
    e2ENNwJ8gkPfbj9t6WQ9dCAGalAGg7auX/u2ZhvlmUtM4o9cN5t5P6N3Lkcdpfs8
    nutVvaHHDS2kfSMfNGBGCZyrKHW0prtiBPlCwM6Cis3KVTjp1MUcSAgKHsPbGeSX
    pMsguw2fOZhNdlizAgMBAAE=
    -----END PUBLIC KEY-----

Targets

    • Target

      74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533.exe


    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks
