Overview

overview

10

Static

static

swordfish.dll

windows7_x64

10

swordfish.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    swordfish.dll

  • Size

    291KB

  • Sample

    200707-t9c38ewp2s

  • MD5

    837a0d0ad7d8d3a00cfb459da61009bc

  • SHA1

    80da690f6de605e01df655445ab9717e2d1242f1

  • SHA256

    56f9b54e1e16887d66b8b9b7ea71d610951c18662a132cf7c9900d67b9745e81

  • SHA512

    a064fc0bbc98fdea3156febaf48f8989f343fb82533a66dc470605690d2fc2c72a944d7961a6f984498990727efbaaea3cd253d0388460414c98e989d7ce4969

Score
10/10
zloadermain2020-07-06botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-06

C2

https://giridly.com/web/data

https://pleclep.com/web/data

https://phanleb.com/web/data

https://zonculet.com/web/data

https://dweandro.com/web/data

https://sweleger.com/web/data

https://cromecho.com/web/data

https://wunchilm.com/web/data

https://odoncrol.com/web/data
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      swordfish.dll

    • Size

      291KB

    • MD5

      837a0d0ad7d8d3a00cfb459da61009bc

    • SHA1

      80da690f6de605e01df655445ab9717e2d1242f1

    • SHA256

      56f9b54e1e16887d66b8b9b7ea71d610951c18662a132cf7c9900d67b9745e81

    • SHA512

      a064fc0bbc98fdea3156febaf48f8989f343fb82533a66dc470605690d2fc2c72a944d7961a6f984498990727efbaaea3cd253d0388460414c98e989d7ce4969

    Score
    10/10
    trojanbotnetzloaderpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks