zloader | 20cda7395d07517c9542c32212b8c353085c4e512d1760f22efb711f554d380c

General

Target

E201.zip
Size

218KB
Sample

201029-2nc8yhkct2
MD5

21a9280dcec3a899b53b44d1d6e04ae0
SHA1

93d0de3389b2dccc2aa4327fedb61d7e404bd527
SHA256

20cda7395d07517c9542c32212b8c353085c4e512d1760f22efb711f554d380c
SHA512

a8bc96caf66e2c72ddec2903c778a8422a71f587910320fb3839736cbf077592ca69c9df42edcb190fe0e04296e75f2701e283a93196b1eedc73d64e8cd4a99a

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

dllnewheh

C2

https://dsdjfhdsufudhjas.name/gate.php

https://dsdjfhd9ddksaas.com/gate.php

https://dsdjfhdsufudhjas.pw/gate.php

https://dsdjfhd9ddksaas.ru/gate.php

https://dsdjfhdsufudhjas.su/gate.php

https://kdsadisadijdsasm2.com/gate.php

https://dsdjfhdsufudhjas.net/gate.php

https://dsdjfhd9ddksaas.eu/gate.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  E201.dll
- Size
  
  357KB
- MD5
  
  0ccdbb8625ce02f3b70023367ba727de
- SHA1
  
  fd2500f7031bab40142ea4500cc45368262962e9
- SHA256
  
  8f9f67c5070eed97e99e16781b65bd05d0d73222bb25b17b65c769311f7850a2
- SHA512
  
  ed63c7525ba82d4ea1a16bcea277a7a5fef5da848a15a50d1db65078b0dba094d2525987c5d6e0310b02bc03fbad4c47f5c285e0d43e3ad10a6e79b412489bb6
Score

10^/10

zloader dllobnova dllnewheh botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2