zloader | c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564 | Triage

Resubmissions

17-11-2023 10:11

231117-l79xyshg5x 10

09-11-2020 20:51

201109-e7t1r93kmn 10

Sharing

General

Target

sustenance.dll
Size

525KB
Sample

201109-e7t1r93kmn
MD5

d50829ab5499f6ec3a0829515db611d0
SHA1

d6d5ea77c50e01a1472e8ea7dbd1380df65fe0b4
SHA256

c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564
SHA512

104e1e5a50e0928d96cf28c560fbab1006e3cbd049edc661e8512eabee2cc80119e143359a14ff6d6e509c0cd2ea8ef64a137f6010e017a36293485d134a88b9

Score

10^/10

zloader can1 vbsdll5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

CAN1

Campaign

VBSDLL5

C2

https://studentsclasses.com/post.php

https://booking-king.com/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  sustenance.dll
- Size
  
  525KB
- MD5
  
  d50829ab5499f6ec3a0829515db611d0
- SHA1
  
  d6d5ea77c50e01a1472e8ea7dbd1380df65fe0b4
- SHA256
  
  c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564
- SHA512
  
  104e1e5a50e0928d96cf28c560fbab1006e3cbd049edc661e8512eabee2cc80119e143359a14ff6d6e509c0cd2ea8ef64a137f6010e017a36293485d134a88b9
Score

10^/10

zloader can1 vbsdll5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadercan1vbsdll5botnetpersistencetrojan

behavioral2