malware_traffic

2020-09-11 (Friday) - myResume.xls pushes ZLoader (Silent Night)

Sep 11th, 2020
2020-09-11 (FRIDAY) - MYRESUME.XLS PUSHES ZLOADER (SILENT NIGHT)

TRAFFIC:

- 205.185.113[.]20 port 80 - 205.185.113[.]20 - GET /PRTKfN
- 205.185.113[.]20 port 80 - 205.185.113[.]20 - GET /files/911.dll
- 31.184.253[.]244 port 80 - softwareserviceupdater5[.]com - POST /web/post.php

MALWARE:

- SHA256 hash: 421cccf7ef2ecd482467b2f470a28707447c39d581d11e39578f4dba4472fd71
- File size: 159,232 bytes
- File name: myResume.xls
- File description: password-protected XLS file with macros for ZLoader (Silent Night)

- SHA256 hash: 740577fb4e542f8f73b104ecf8e6890fc5ee3842f5393a9ce728117b11e7d7b3
- File size: 631,808 bytes
- File location: hxxp://205.185.113[.]20/files/911.dll
- File location: C:\IDDCHrk\rWwiyCF\IYFLemb.dll
- File location: C:\Users\[username]\AppData\Roaming\Noexun\ufvou.dll
- File run method: regsvr32.exe /s [filename]
- File description: DLL for ZLoader (Silent Night)