zloader | 5d5eba72c6d49f9cd51721fb446208f4b53c926e35fbe3c51423982f0283cb52

General

Target

fWpzyAgQmxvltIt.zip
Size

205KB
Sample

201030-vkpypkaq5a
MD5

b3f6122000cce3bb0f601ec86f646205
SHA1

64725c410f713b2d1bfb7baef624948b8259257d
SHA256

5d5eba72c6d49f9cd51721fb446208f4b53c926e35fbe3c51423982f0283cb52
SHA512

219c297ec822d606771f62c9fee9e9e59c0cca50a0f6f01c171b53134b361c06af0b23bd0f34e10bbee0db6772d2c2b38d881756d48b1522297d496e683345c1

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

07.04.2020

C2

https://mioniough.com/sound.php

https://ergensu.com/sound.php

https://purots.com/sound.php

https://lipurf.com/sound.php

https://vacontd.com/sound.php

https://zelacarths.com/sound.php

rc4.plain

Targets

- Target
  
  fWpzyAgQmxvltIt.dll
- Size
  
  841KB
- MD5
  
  67dbc292bf899109f44e52fa3b9d2a3e
- SHA1
  
  f327847059784ce84e92a10098eb979daf5f317b
- SHA256
  
  7af7f0a46e466b448270f959f4e1a3af964d22b609100536703e299d7618bf2d
- SHA512
  
  3c5b66e2523d72073be6714e57e34b2157248a7e1b2fa91f96828222f471c1dc1b0ebff3eabdb269cdde2bb8361dd9ec7bfa211f50a3267c6b11029598c76d35
Score

10^/10

zloader main 07.04.2020 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2