Overview

overview

10

Static

static

tsk.dll

windows7_x64

10

tsk.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tsk.dll

  • Size

    489KB

  • Sample

    201109-vv3m9saala

  • MD5

    a09579dd34dbef1b234181c9d780c239

  • SHA1

    31e811931d2a5174e0f505f9e6a92e2c752f676c

  • SHA256

    7fdd024bec3841eaaf2ac0b352b66380ef74cf47f37c965982d36be948bcf75d

  • SHA512

    0208067a7a4e5433fa30739425ca51e08b9972f260d93876f8156f5a914dc6a536e0129edb70e04e60013e4655eeccd6c78c283d51a03febd478e95a4e1fe431

Score
10/10
zloaderbot5bot5botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      tsk.dll

    • Size

      489KB

    • MD5

      a09579dd34dbef1b234181c9d780c239

    • SHA1

      31e811931d2a5174e0f505f9e6a92e2c752f676c

    • SHA256

      7fdd024bec3841eaaf2ac0b352b66380ef74cf47f37c965982d36be948bcf75d

    • SHA512

      0208067a7a4e5433fa30739425ca51e08b9972f260d93876f8156f5a914dc6a536e0129edb70e04e60013e4655eeccd6c78c283d51a03febd478e95a4e1fe431

    Score
    10/10
    zloaderbot5bot5botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks