Overview

overview

10

Static

static

sustenance.dll

windows7_x64

10

sustenance.dll

windows10_x64

3

Resubmissions

17-11-2023 10:11

231117-l79xyshg5x 10

09-11-2020 20:51

201109-e7t1r93kmn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    sustenance.dll

  • Size

    525KB

  • Sample

    201109-e7t1r93kmn

  • MD5

    d50829ab5499f6ec3a0829515db611d0

  • SHA1

    d6d5ea77c50e01a1472e8ea7dbd1380df65fe0b4

  • SHA256

    c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564

  • SHA512

    104e1e5a50e0928d96cf28c560fbab1006e3cbd049edc661e8512eabee2cc80119e143359a14ff6d6e509c0cd2ea8ef64a137f6010e017a36293485d134a88b9

Score
10/10
zloadercan1vbsdll5botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

CAN1

Campaign

VBSDLL5

C2

https://studentsclasses.com/post.php

https://booking-king.com/post.php
rc4.plain
rsa_pubkey.plain

Targets

    • Target

      sustenance.dll

    • Size

      525KB

    • MD5

      d50829ab5499f6ec3a0829515db611d0

    • SHA1

      d6d5ea77c50e01a1472e8ea7dbd1380df65fe0b4

    • SHA256

      c194e82e8a3ada40421b28e668c9135f09f9336732dc31053fc0cebf7be97564

    • SHA512

      104e1e5a50e0928d96cf28c560fbab1006e3cbd049edc661e8512eabee2cc80119e143359a14ff6d6e509c0cd2ea8ef64a137f6010e017a36293485d134a88b9

    Score
    10/10
    zloadercan1vbsdll5botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks