zloader | 8321878f3cb1c162001bbeef8188373cd2b31a6c5fca4243bee912c1b7a3bca0

General

Target

Jungian.ogv.zip
Size

239KB
Sample

201101-ag1djn7pex
MD5

f8e6fcddac65b01f34ab1b8d17bcae2c
SHA1

b74954093c740fa2a1717b30c799387e1cad9836
SHA256

8321878f3cb1c162001bbeef8188373cd2b31a6c5fca4243bee912c1b7a3bca0
SHA512

6c7194a36449ae710d40c34a96c688c93d190dc2ca59d9bc6c6b203c5279d9a46ad41d38fe624533f15de9bc18447e0aa447f52696d3d933024085a0f799ad11

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

21.04.2020

C2

https://hesaista.org/sound.php

https://naght.org/sound.php

https://coult.org/sound.php

https://tilyn.org/sound.php

https://rhald.org/sound.php

https://rutom.org/sound.php

https://chorbly.org/sound.php

https://kodray.org/sound.php

rc4.plain

Targets

- Target
  
  Jungian.ogv.dll
- Size
  
  369KB
- MD5
  
  1ab89002a0fea4c8fe55d678a6c7dbbe
- SHA1
  
  c599f6ad865accac6de951f6b452b252a831a56b
- SHA256
  
  5f416bec35b42ef4c9b7912c2a4354f5dffed5c24547f5a6d50912ee27f3784a
- SHA512
  
  11c9bf50d831a64efe1b59d26a3c1713f41bdbcd43b1357c5b18c731c19ba4cf369135da0eb518b8e45be619e3eb5bcd6b4aa910398f70bf7970c3d265f03016
Score

10^/10

zloader main 21.04.2020 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2