zloader | 0c8569e4304f46352b041dcb692f85c9e195130db2013d4f2216130603478035

General

Target

literary.dll
Size

282KB
Sample

200713-weg1eqpj3x
MD5

2ad76998fa6e595b62a77df8a5fe7e1b
SHA1

8f179f26412a2df01f273796020133d182ee8bba
SHA256

0c8569e4304f46352b041dcb692f85c9e195130db2013d4f2216130603478035
SHA512

99bd1c1070c8a01dc26541ee3da5d218cae362be3d4410af316707339e62df2092fd57ec0eb3b8ec5599b3e54a6eecd28740317b87c90f72d0502444a442983a

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-08

C2

https://zonculet.com/web/data

https://dweandro.com/web/data

https://sweleger.com/web/data

https://cromecho.com/web/data

https://wunchilm.com/web/data

https://odoncrol.com/web/data

https://amemooll.org/web/data

https://urecheng.org/web/data

https://wiliefax.org/web/data

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  literary.dll
- Size
  
  282KB
- MD5
  
  2ad76998fa6e595b62a77df8a5fe7e1b
- SHA1
  
  8f179f26412a2df01f273796020133d182ee8bba
- SHA256
  
  0c8569e4304f46352b041dcb692f85c9e195130db2013d4f2216130603478035
- SHA512
  
  99bd1c1070c8a01dc26541ee3da5d218cae362be3d4410af316707339e62df2092fd57ec0eb3b8ec5599b3e54a6eecd28740317b87c90f72d0502444a442983a
Score

10^/10

trojan botnet zloader persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2