Overview

overview

10

Static

static

zet.dll

windows7_x64

10

zet.dll

windows10_x64

10

Resubmissions

04-03-2021 14:07

210304-t8mkw9zwcx 10

09-06-2020 12:53

200609-94pakbswws 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zet.dll

  • Size

    475KB

  • Sample

    210304-t8mkw9zwcx

  • MD5

    c83275d7c15af02f0a56eed274b8b67b

  • SHA1

    38fbad3e2ce170e7010f86b21af6bd485ad1c6b5

  • SHA256

    187e7ad44558b62fdebe79a0ab45f4cdde66f05945d3c7fe848a2212f5fd555d

  • SHA512

    8f592dce913f94994e67c16e2ab36349cb6185156dd04b68cd4ce619a752b54131f7285ac78e31a2c6bee1ce433e9f9d42728fbe3c7966a586c8e1cc3834ac6c

Score
10/10
zloaderbot5bot5botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      zet.dll

    • Size

      475KB

    • MD5

      c83275d7c15af02f0a56eed274b8b67b

    • SHA1

      38fbad3e2ce170e7010f86b21af6bd485ad1c6b5

    • SHA256

      187e7ad44558b62fdebe79a0ab45f4cdde66f05945d3c7fe848a2212f5fd555d

    • SHA512

      8f592dce913f94994e67c16e2ab36349cb6185156dd04b68cd4ce619a752b54131f7285ac78e31a2c6bee1ce433e9f9d42728fbe3c7966a586c8e1cc3834ac6c

    Score
    10/10
    zloaderbot5bot5botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks