
Thursday, April 29, 2021

Threat Library - Zloader

Zloader

date: 2/26/2021

delivery: email [Subject: "Invoicing info294564"; Attachment: .DOC whose visible body is plain text asking the user to enable editing (the usual lure to leave Protected View); once opened, the document downloads the next stage from findinglala[.]com]

persistence: unknown

capabilities (per memory strings): unknown

c2s: 

hxxps://timemeaning[.]com/post.php

hxxps://timeremain[.]com/post.php

hxxps://cacesatansingmilk[.]tk/post.php

hxxps://tenlapatevaj[.]tk/post.php

hxxps://toclylene[.]tk/post.php

identification method: twitter replies

special notes: the HTTP User-Agent observed was "MSFrontPage/12.0" (a FrontPage user agent is rare on current endpoints, so it is a useful secondary indicator alongside the /post.php C2 path)
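As an added detection example (not part of the original entry, and not tooling from the linked sandboxes), the following Python scans proxy-style log lines for the indicators on this card: POSTs to /post.php on the listed C2 domains, contact with the findinglala[.]com download host, and the "MSFrontPage/12.0" User-Agent. The log line format and the sample traffic are constructed for this example and are assumptions, not a real proxy schema or captured Zloader traffic.

```python
import re
from urllib.parse import urlsplit

# Indicators copied from this entry, still defanged; refang() makes them matchable.
ZLOADER_C2_URLS = [
    "hxxps://timemeaning[.]com/post.php",
    "hxxps://timeremain[.]com/post.php",
    "hxxps://cacesatansingmilk[.]tk/post.php",
    "hxxps://tenlapatevaj[.]tk/post.php",
    "hxxps://toclylene[.]tk/post.php",
]
ZLOADER_DOWNLOAD_HOSTS = {"findinglala.com"}   # maldoc second-stage host from this entry
ZLOADER_USER_AGENT = "MSFrontPage/12.0"         # UA noted in "special notes"


def refang(value):
    """Turn defanged IOC text (hxxps, [.]) back into a normal URL."""
    return value.replace("hxxp", "http").replace("[.]", ".")


ZLOADER_C2_HOSTS = {urlsplit(refang(u)).hostname for u in ZLOADER_C2_URLS}
ZLOADER_C2_PATHS = {urlsplit(refang(u)).path for u in ZLOADER_C2_URLS}   # {"/post.php"}

# Constructed log format (hypothetical, not any product's schema):
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of reasons a parsed log entry matches this Zloader card."""
    reasons = []
    parts = urlsplit(entry["url"])
    host = (parts.hostname or "").lower()
    if host in ZLOADER_C2_HOSTS:
        if entry["method"] == "POST" and parts.path in ZLOADER_C2_PATHS:
            reasons.append("c2-post")        # full pattern: POST /post.php to a known C2
        else:
            reasons.append("c2-host")        # known C2 host, different method or path
    if host in ZLOADER_DOWNLOAD_HOSTS:
        reasons.append("maldoc-download-host")
    if entry["ua"] == ZLOADER_USER_AGENT:
        reasons.append("user-agent")         # weak alone, strong together with the above
    return reasons


def scan(lines):
    """Return [(line, reasons)] for every parsable line that hits at least one indicator."""
    hits = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue                          # skip lines in a different format
        reasons = classify(entry)
        if reasons:
            hits.append((line, reasons))
    return hits


# Constructed sample traffic; not taken from the any.run or tria.ge runs linked on this page.
SAMPLE_LOG = [
    '2021-02-26T14:02:11Z 10.0.0.15 POST https://timemeaning.com/post.php 200 "MSFrontPage/12.0"',
    '2021-02-26T14:02:12Z 10.0.0.15 POST https://toclylene.tk/post.php 200 "MSFrontPage/12.0"',
    '2021-02-26T14:01:40Z 10.0.0.15 GET http://findinglala.com/some/path 200 "Mozilla/4.0 (compatible)"',
    '2021-02-26T14:05:00Z 10.0.0.22 GET https://example.com/ 200 "Mozilla/5.0"',
    '2021-02-26T14:06:00Z 10.0.0.31 GET https://example.org/index.html 200 "MSFrontPage/12.0"',
]

if __name__ == "__main__":
    for line, reasons in scan(SAMPLE_LOG):
        print(", ".join(reasons), "<-", line)
```

The "user-agent" reason fires on its own for the example.org line, which is the intended behaviour: a lone FrontPage UA is worth a look but is not proof, so the reason list lets the analyst weight a "c2-post" hit above a "user-agent"-only hit when triaging.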

samples: 

DOC - https://app.any.run/tasks/4df98427-fb86-4c7f-a082-1a2eb179e214/

links: 

https://twitter.com/neonprimetime/status/1365328294674112513

https://tria.ge/210219-g8t2kxnh8e

screenshots: 
---------------------------------------------------