zloader | 5b831fb067dfb53992bb8a346e4fc038de6441a94ad5a3932dc8bd64f80e56fc

General

Target

hallway.dll
Size

275KB
Sample

200702-h2ptdexvwj
MD5

847ea7a7e9c3c6da5c3602a79bf7fb0b
SHA1

67537586d23f59a1fae91f90da6026d2920945d7
SHA256

5b831fb067dfb53992bb8a346e4fc038de6441a94ad5a3932dc8bd64f80e56fc
SHA512

b5f5bad180b478dcda2cd870de0499f0c9891157dd6ad8c2120e422856215138a0ce0b0e8eda065a6852992a8675c0af3f856584b32b946cf020f69e4b537480

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-01

C2

https://findulz.com/web/data

https://fredoam.com/web/data

https://cheneer.org/web/data

https://esplody.org/web/data

https://orderrys.com/web/data

https://paiancil.com/web/data

https://procinul.com/web/data

https://cupersip.com/web/data

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  hallway.dll
- Size
  
  275KB
- MD5
  
  847ea7a7e9c3c6da5c3602a79bf7fb0b
- SHA1
  
  67537586d23f59a1fae91f90da6026d2920945d7
- SHA256
  
  5b831fb067dfb53992bb8a346e4fc038de6441a94ad5a3932dc8bd64f80e56fc
- SHA512
  
  b5f5bad180b478dcda2cd870de0499f0c9891157dd6ad8c2120e422856215138a0ce0b0e8eda065a6852992a8675c0af3f856584b32b946cf020f69e4b537480
Score

10^/10

trojan botnet zloader persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2