zloader | 2146f27b05e76eac964c664ee1e6df16679ed030305b7ebe2298a606d03cdff3

General

Target

befa9f5bf600be688d04c8f12601c15b.dll
Size

509KB
Sample

201017-kv2yppebya
MD5

befa9f5bf600be688d04c8f12601c15b
SHA1

1588dc5943b4a2dd92f9bdb00d8dccf830e5e567
SHA256

2146f27b05e76eac964c664ee1e6df16679ed030305b7ebe2298a606d03cdff3
SHA512

55654b53529369ad748eda9bb592e05cc630f8a7003b320992e2e67050d20dea091fbcd014f9565425dac03d402f9e8d2a14a56b54419bb42a0558ee336ef48d

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

divader

Campaign

poll

C2

https://fqnceas.su/gate.php

https://fqlocpeas.ru/gate.php

https://dksaiijn.ru/gate.php

https://dksafjasnf.su/gate.php

https://fjsafasfsa.ru/gate.php

https://fjskoijafsa.ru/gate.php

https://kochamkkkras.ru/gate.php

https://uookqihwdid.ru/gate.php

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  befa9f5bf600be688d04c8f12601c15b.dll
- Size
  
  509KB
- MD5
  
  befa9f5bf600be688d04c8f12601c15b
- SHA1
  
  1588dc5943b4a2dd92f9bdb00d8dccf830e5e567
- SHA256
  
  2146f27b05e76eac964c664ee1e6df16679ed030305b7ebe2298a606d03cdff3
- SHA512
  
  55654b53529369ad748eda9bb592e05cc630f8a7003b320992e2e67050d20dea091fbcd014f9565425dac03d402f9e8d2a14a56b54419bb42a0558ee336ef48d
Score

10^/10

persistence trojan botnet zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blacklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2