Overview

overview

10

Static

static

permissible.dll

windows7_x64

10

permissible.dll

windows10_x64

10

Resubmissions

04-09-2020 12:53

200904-3xb1dgk55e 10

05-07-2020 20:48

200705-jsw1l6eblj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    permissible.dll

  • Size

    246KB

  • Sample

    200705-jsw1l6eblj

  • MD5

    061057161259e3df7d12dccb363e56f9

  • SHA1

    1292e9b2ee9d566fe5b475835cc39dafbbb658ba

  • SHA256

    00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2

  • SHA512

    b623b5f1142c560b9f9bc3689a2b53a3acacc93d443a1c2590433d6dc2975e2959243f1b5744720983fbbaa166f25b563b988025f7c4e3e6bf9ff6b720ba11c9

Score
10/10
zloadermain2020-07-02botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-02

C2

https://fopiese.com/web/data

https://dinctov.com/web/data

https://ennaser.com/web/data

https://hyatart.com/web/data

https://bladilk.com/web/data

https://giridly.com/web/data

https://pleclep.com/web/data

https://phanleb.com/web/data
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      permissible.dll

    • Size

      246KB

    • MD5

      061057161259e3df7d12dccb363e56f9

    • SHA1

      1292e9b2ee9d566fe5b475835cc39dafbbb658ba

    • SHA256

      00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2

    • SHA512

      b623b5f1142c560b9f9bc3689a2b53a3acacc93d443a1c2590433d6dc2975e2959243f1b5744720983fbbaa166f25b563b988025f7c4e3e6bf9ff6b720ba11c9

    Score
    10/10
    trojanbotnetzloaderpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks