Overview

overview

10

Static

static

earshot.dll

windows7_x64

1

earshot.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    earshot.dll

  • Size

    858KB

  • Sample

    201109-fxxhvcszh6

  • MD5

    d1b4b311fd49c228ed5f66c72023fd8e

  • SHA1

    bee08a27d939c6d914d2c3494e689332bfa75821

  • SHA256

    30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd

  • SHA512

    21135bebc49b511f28047db2afac3df74f2a64046494abf7572663392adb32bbac2e701590e75a2b4ef0dde0bdd5eb39ffc931758014772efb06f7c04c9b022e

Score
10/10
zloadermain26.04.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

26.04.2020

C2

https://coult.org/sound.php

https://chorbly.org/sound.php

https://kodray.org/sound.php

https://retualeigh.com/sound.php

https://grually.com/sound.php

https://footmess.com/sound.php

https://rarigussa.com/sound.php

https://pacallse.com/sound.php
rc4.plain

Targets

    • Target

      earshot.dll

    • Size

      858KB

    • MD5

      d1b4b311fd49c228ed5f66c72023fd8e

    • SHA1

      bee08a27d939c6d914d2c3494e689332bfa75821

    • SHA256

      30e772385fc3887fdd1ef1e358dc05cc83da655ecf53257800daf5d68ae430fd

    • SHA512

      21135bebc49b511f28047db2afac3df74f2a64046494abf7572663392adb32bbac2e701590e75a2b4ef0dde0bdd5eb39ffc931758014772efb06f7c04c9b022e

    Score
    10/10
    zloadermain26.04.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks