General

  • Target

    c43c3c195e838ef81a36c1434fa7395c_JaffaCakes118

  • Size

    952KB

  • Sample

    241204-y627yavphn

  • MD5

    c43c3c195e838ef81a36c1434fa7395c

  • SHA1

    c9accdc1204579d13440df22e4892fcc2082dc7c

  • SHA256

    24c57cf9a9fd72827ced5f95796cf333089f076c660bf06b5e7d071a4d5fc102

  • SHA512

    5ec2613176ddf8ca9ae331823cb7b62d436ea007850e60a9aeeee0bf23c827a2e3c1eb422594bdd3ec4c86f7688d91f3e8a3c6b2435c46078069c53947a1739f

  • SSDEEP

    12288:8ioQBrcKxHPULy+QVo5XeT8zZlmVlC+Q2cjQ7CJXPcq9y:89Q9cKxHo55Og9lU4xo

Malware Config

Extracted

Family

zloader

Botnet

vasja

Campaign

vasja

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      c43c3c195e838ef81a36c1434fa7395c_JaffaCakes118

    • Size

      952KB

    • MD5

      c43c3c195e838ef81a36c1434fa7395c

    • SHA1

      c9accdc1204579d13440df22e4892fcc2082dc7c

    • SHA256

      24c57cf9a9fd72827ced5f95796cf333089f076c660bf06b5e7d071a4d5fc102

    • SHA512

      5ec2613176ddf8ca9ae331823cb7b62d436ea007850e60a9aeeee0bf23c827a2e3c1eb422594bdd3ec4c86f7688d91f3e8a3c6b2435c46078069c53947a1739f

    • SSDEEP

      12288:8ioQBrcKxHPULy+QVo5XeT8zZlmVlC+Q2cjQ7CJXPcq9y:89Q9cKxHo55Og9lU4xo

    • Zloader family

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks