Overview

overview

10

Static

static

SerkLIEWTZwyHtV.dll

windows7_x64

10

SerkLIEWTZwyHtV.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SerkLIEWTZwyHtV.zip

  • Size

    176KB

  • Sample

    201031-rc8cxq9w6a

  • MD5

    f521a0a2261002be228345150b0562e3

  • SHA1

    e716f08ad26b4a7250eb4eadb7dd8f336bc6a1d9

  • SHA256

    9c47bdca316f143fa347a4dd03d61bad31f338bc490d539aa237a56a1f6195cb

  • SHA512

    8b44fb751a9b40cb88f321ae067dd8bcce072dcd3fa7f432eb8cc29ab0ccac9e89b3454fbe2d82bd9ea222eab51ec27fc3a78ae7871f3141d993f37c77360e27

Score
10/10
zloadermain14.04.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

14.04.2020

C2

https://bluslias.com/sound.php

https://adandore.com/sound.php

https://ficutept.com/sound.php

https://veckeard.com/sound.php
rc4.plain

Targets

    • Target

      SerkLIEWTZwyHtV.dll

    • Size

      803KB

    • MD5

      53a476053fb72992027e4c5bdab362da

    • SHA1

      76890dd42ad72c5b63b4ac9dfa4354b3cbf105cb

    • SHA256

      987bd37601d6a662a35183c0dd766752e57ed9a1090bb0383b082baf4ea8f6c8

    • SHA512

      6241a9f55a9eb0b75f6c0ab32bd90bc432096f744c5f4678b47e8d6af8623c9afd820f15e0a623dd66af43ab0b96b3216bf7f73e53c75740fbef91c40cfb8e42

    Score
    10/10
    zloadermain14.04.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks