zloader | b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971

General

Target

updateme.dll
Size

157KB
Sample

200828-ng2p7q4gbn
MD5

c182f4b04f4c0b361c0792f9e75621b2
SHA1

4026c3deb1203f6ee5afed71233b888e6f9b393a
SHA256

b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
SHA512

f97ef84dea027e4b9b68c10f1eb599545f8d742698c5a85352460993ec080a14a80b345328c3511e937d7e9797a447b0f47b03b7cb87094ee63788d159a9f2ac

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

dllsobaka

C2

https://fsakfiasjmls000kjajs.online/gate.php

https://fsakf111iasjmlskjajs.online/gate.php

https://fsakfiasjml333skjajs.online/gate.php

https://fsakf11iasjml333skjajs.online/gate.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  updateme.dll
- Size
  
  157KB
- MD5
  
  c182f4b04f4c0b361c0792f9e75621b2
- SHA1
  
  4026c3deb1203f6ee5afed71233b888e6f9b393a
- SHA256
  
  b866a18458d22f3c362eb9db308ccbbe80ad1a1ef04d9f1c8ba6d3c66ccd4971
- SHA512
  
  f97ef84dea027e4b9b68c10f1eb599545f8d742698c5a85352460993ec080a14a80b345328c3511e937d7e9797a447b0f47b03b7cb87094ee63788d159a9f2ac
Score

10^/10

persistence trojan botnet zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blacklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2