zloader | e0a348e8afde01128ecaf94ab1d6e3ff49b5700282c21b60d6dcb5cac9b4fb27 | Triage

Resubmissions

02-11-2020 08:21

201102-15nrpzrhts 10

02-11-2020 03:03

201102-d32ctzcxce 1

Sharing

General

Target

B9DD.zip
Size

150KB
Sample

201102-15nrpzrhts
MD5

7db5c5879a9f4ad8daec627676455950
SHA1

41f8fd920641c315255b830b02e0eeb647b13908
SHA256

e0a348e8afde01128ecaf94ab1d6e3ff49b5700282c21b60d6dcb5cac9b4fb27
SHA512

dba4d501c7202ea460dfdd5ab703faceb2588c63eaf428154e41802f60aa91890516d13e17af05fd140e4c76a1572e86167ac055e13d9b961327025169007044

Score

10^/10

zloader dllobnova 2020 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

2020

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

rc4.plain

Targets

- Target
  
  B9DD.dll
- Size
  
  214KB
- MD5
  
  870a53819f2db3549facbf849717aea7
- SHA1
  
  e8d3b89e7f943112dca04cb5c37a9d73b3c844c5
- SHA256
  
  8a237182974d55a414f91a6d657403fafc8b79685ff1a73562758b333aeea590
- SHA512
  
  fa1e9e1809b52896b454e73107c226ad975e56e72d2f952043706143d5b04766d908bd138599f5c06405af047bf6ac78615f9b2dc6034d61db9967e88a09e1a2
Score

10^/10

zloader dllobnova 2020 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderdllobnova2020botnetpersistencetrojan