zloader | 692c58e28e0f0346adfbad2356dd8495ec8f07718ee40db171b50e8870526f96 | Triage

Resubmissions

04-03-2021 12:53

210304-xck4l4syjs 10

12-05-2020 16:48

200512-fh9ngk8kpj 10

Sharing

General

Target

x.dll
Size

800KB
Sample

200512-fh9ngk8kpj
MD5

c1366b1afc57e2fca68501345bbd4ba0
SHA1

1dbbc632e2b10918c322ed0e761661fbe690d43e
SHA256

692c58e28e0f0346adfbad2356dd8495ec8f07718ee40db171b50e8870526f96
SHA512

ad290473ef61838d67fbf2812d381519b1fabbb50e15c088cd45fe6ea4d9d27ed6615bbffb459dccfdad116706989c881db96fceeef9a94180310c5db5c3b80c

Score

10^/10

zloader botnet evasion persistence spyware trojan

Malware Config

Targets

- Target
  
  x.dll
- Size
  
  800KB
- MD5
  
  c1366b1afc57e2fca68501345bbd4ba0
- SHA1
  
  1dbbc632e2b10918c322ed0e761661fbe690d43e
- SHA256
  
  692c58e28e0f0346adfbad2356dd8495ec8f07718ee40db171b50e8870526f96
- SHA512
  
  ad290473ef61838d67fbf2812d381519b1fabbb50e15c088cd45fe6ea4d9d27ed6615bbffb459dccfdad116706989c881db96fceeef9a94180310c5db5c3b80c
Score

10^/10

trojan botnet zloader evasion spyware persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Modifies system certificate store
  evasion spyware trojan
- Modifies service
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Credentials in Files

Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbotnetzloaderevasionspywarepersistence

behavioral2

trojanbotnetzloaderspyware