zloader | 08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d | Triage

Sharing

General

Target

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d
Size

144KB
Sample

201110-kx6byv98h6
MD5

9e9bb42a965b89a9dce86c8b36b24799
SHA1

e2d1161ac7fa3420648ba59f7a5315ed0acb04c2
SHA256

08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d
SHA512

e5ba20e364c96260c821bc61eab51906e2075aa0d3755ef25aabfc8f6f9545452930be42d978d96e3a68e2b92120df4940b276c9872ebf36fa50913523c51ce8

Score

10^/10

zloader main 26.02.2020 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

26.02.2020

C2

https://airnaa.org/sound.php

https://banog.org/sound.php

https://rayonch.org/sound.php

rc4.plain

Targets

- Target
  
  08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d
- Size
  
  144KB
- MD5
  
  9e9bb42a965b89a9dce86c8b36b24799
- SHA1
  
  e2d1161ac7fa3420648ba59f7a5315ed0acb04c2
- SHA256
  
  08751be484e1572995ebb085df1c2c6372084d63a64dce7fab28130d79a6ea2d
- SHA512
  
  e5ba20e364c96260c821bc61eab51906e2075aa0d3755ef25aabfc8f6f9545452930be42d978d96e3a68e2b92120df4940b276c9872ebf36fa50913523c51ce8
Score

10^/10

zloader main 26.02.2020 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

main26.02.2020zloader

behavioral1

zloadermain26.02.2020botnetpersistencetrojan

behavioral2

zloadermain26.02.2020botnetpersistencetrojan