zloader | 815d71524ed41e28a38222c821ce848ae6e6b925c0ea620d5bdc1aa66e58fa73 | Triage

Submit
Reports

Overview

overview

Static

static

8

inv_281.xls

windows7_x64

6

inv_281.xls

windows10_x64

Sharing

General

Target

inv_281.xls
Size

283KB
Sample

200625-e176xkzzea
MD5

9f0fbc1d2351ee426c0c715bb9688612
SHA1

49d5be159725054c28e671f3004edf2e5d9e1bcd
SHA256

815d71524ed41e28a38222c821ce848ae6e6b925c0ea620d5bdc1aa66e58fa73
SHA512

6ebf7d1dfd0fc780cbe1dab535f1d52cf2e795cc67e3e12406ee8b0a9aac946deed8d2d7b0ccb649fc6ee442ca857ec17b5f7c657fe5c967187f869e41086a56

Score

10^/10

zloader id1 spam botnet macro trojan

Static task

static1

Behavioral task

behavioral1

Sample

inv_281.xls

Resource

win7

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

inv_281.xls

Resource

win10v200430

trojan botnet zloader

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

zloader

Botnet

id1

Campaign

spam

C2

https://axisbasis.xyz/data.php

Ts72YjsjO5TghE6m

eX�A�ץ�K8�z�d�or��"t��r�҂.�ߨ=��FE�hI�j��En�PsO��<��M �KN��;4�Y �8��\ �q��8Gp�;�pm!g

rc4.plain

Targets

- Target
  
  inv_281.xls
- Size
  
  283KB
- MD5
  
  9f0fbc1d2351ee426c0c715bb9688612
- SHA1
  
  49d5be159725054c28e671f3004edf2e5d9e1bcd
- SHA256
  
  815d71524ed41e28a38222c821ce848ae6e6b925c0ea620d5bdc1aa66e58fa73
- SHA512
  
  6ebf7d1dfd0fc780cbe1dab535f1d52cf2e795cc67e3e12406ee8b0a9aac946deed8d2d7b0ccb649fc6ee442ca857ec17b5f7c657fe5c967187f869e41086a56
Score

10^/10

trojan botnet zloader
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Loads dropped DLL
- Process spawned suspicious child process
  This child process is typically not spawned unless (for example) the parent process crashes. This typically indicates the parent process was unsuccessfully compromised.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

trojanbotnetzloader

© 2018-2024

Terms | Privacy