Overview

overview

10

Static

static

6

zte(1).dll

windows7_x64

10

zte(1).dll

windows10_x64

10

Resubmissions

10-08-2023 17:12

230810-vq913aff23 10

10-08-2023 16:29

230810-tznnragg4y 10

09-11-2020 20:57

201109-4wpwk1zk1e 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zte(1).dll

  • Size

    473KB

  • Sample

    201109-4wpwk1zk1e

  • MD5

    2b99305fdd451f60f935efb4fd4fb9be

  • SHA1

    d0c7f705d3d94ccea33654f940c7b2e77448fc3d

  • SHA256

    8761a16b210e215456f4ad4dffeb624ee2b2b3646971860dc5ffb0f8b82658b0

  • SHA512

    7fb8307f9a669fd1ba37a41d4f611d61124370b514fa290fd0d9ad1dcba8f2c0a37e3999ee507944f03d66ac3907ba56bf3fbaaef5409e5ae5e7746f6d7bca0f

Score
10/10
zloaderbot5bot5botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      zte(1).dll

    • Size

      473KB

    • MD5

      2b99305fdd451f60f935efb4fd4fb9be

    • SHA1

      d0c7f705d3d94ccea33654f940c7b2e77448fc3d

    • SHA256

      8761a16b210e215456f4ad4dffeb624ee2b2b3646971860dc5ffb0f8b82658b0

    • SHA512

      7fb8307f9a669fd1ba37a41d4f611d61124370b514fa290fd0d9ad1dcba8f2c0a37e3999ee507944f03d66ac3907ba56bf3fbaaef5409e5ae5e7746f6d7bca0f

    Score
    10/10
    zloaderbot5bot5botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks