Overview

overview

10

Static

static

10

41c725abdd...83.dll

windows7_x64

10

41c725abdd...83.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    41c725abdd5d0e8fb101d92e777c47f7b90e8f2b1c9ae0727549b4de604ecd83

  • Size

    174KB

  • Sample

    201109-3lxdqhlpl6

  • MD5

    8fba28241a6fe93b03e5403b89750453

  • SHA1

    7ceaf8aa85a288b9ea2eba8d9dcd7ea1836ae78d

  • SHA256

    41c725abdd5d0e8fb101d92e777c47f7b90e8f2b1c9ae0727549b4de604ecd83

  • SHA512

    6276c156ea419d304714a01a988f97ed30e410090acbfde5b3818eac236196363034a963603cb27bc9882f91fc2fee4753832a46c79206b7e1b28ea0e5c9f0e2

Score
10/10
zloaderplspamplspambotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

PLSPAM

Campaign

PLSPAM

C2

http://marchadvertisingnetwork4.com/post.php

http://marchadvertisingnetwork5.com/post.php

http://marchadvertisingnetwork6.com/post.php

http://marchadvertisingnetwork7.com/post.php

http://marchadvertisingnetwork8.com/post.php

http://marchadvertisingnetwork9.com/post.php

http://marchadvertisingnetwork10.com/post.php
rc4.plain

Targets

    • Target

      41c725abdd5d0e8fb101d92e777c47f7b90e8f2b1c9ae0727549b4de604ecd83

    • Size

      174KB

    • MD5

      8fba28241a6fe93b03e5403b89750453

    • SHA1

      7ceaf8aa85a288b9ea2eba8d9dcd7ea1836ae78d

    • SHA256

      41c725abdd5d0e8fb101d92e777c47f7b90e8f2b1c9ae0727549b4de604ecd83

    • SHA512

      6276c156ea419d304714a01a988f97ed30e410090acbfde5b3818eac236196363034a963603cb27bc9882f91fc2fee4753832a46c79206b7e1b28ea0e5c9f0e2

    Score
    10/10
    zloaderplspamplspambotnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blacklisted process makes network request

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks