zloader | efb99dabdc2014a65a03044be4e477a643c4cbae9e02ec184ace4f212860898f

General

Target

Documents_2014081229.xls
Size

273KB
Sample

210312-vr8zjtgyax
MD5

63a68ba95fca6c9b586b1b7aaa8181df
SHA1

afc6a930be981fea43f942f0fb7b71cf941d573b
SHA256

efb99dabdc2014a65a03044be4e477a643c4cbae9e02ec184ace4f212860898f
SHA512

fecb625fb7a6befcde453ff4b3792dfeed5dde73d8ba73096faafdbc9b092271cd344a4cdd7b2f9538255d58151e4a3a70bf2f4b680110881f02c2ecc3bb6d45

Score

10^/10

Malware Config

Extracted

Language

xlm4.0

Source

URLs

xlm40.dropper

https://sssolutionsllc.org/k.php

Extracted

Family

zloader

Botnet

kev

Campaign

12/03

C2

https://dazzlingnight.com/post.php

https://rylaconfxilo.tk/post.php

https://seaofsilver.com/post.php

https://kenthehafana.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  Documents_2014081229.xls
- Size
  
  273KB
- MD5
  
  63a68ba95fca6c9b586b1b7aaa8181df
- SHA1
  
  afc6a930be981fea43f942f0fb7b71cf941d573b
- SHA256
  
  efb99dabdc2014a65a03044be4e477a643c4cbae9e02ec184ace4f212860898f
- SHA512
  
  fecb625fb7a6befcde453ff4b3792dfeed5dde73d8ba73096faafdbc9b092271cd344a4cdd7b2f9538255d58151e4a3a70bf2f4b680110881f02c2ecc3bb6d45
Score

10^/10

zloader kev 12/03 botnet trojan
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Process spawned unexpected child process

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2