zloader | 06f39b7745fc370b817fc6f4ba226ac2f39994bf7da7296a99feb68d730ed174

General

Target

5f4069c9716193f3592946f168f459db.exe
Size

165KB
Sample

210805-mnjm8nhyze
MD5

5f4069c9716193f3592946f168f459db
SHA1

e16fe562704106b55d40c3f6525dd1a56a5f5df9
SHA256

06f39b7745fc370b817fc6f4ba226ac2f39994bf7da7296a99feb68d730ed174
SHA512

88118e51ec79694f0b95be723342088e10bf37e72482a1bc1712f1bc529ab1f0a9b447172793b3be1e099ca82b8fbc9c1c07b9f7d690f3a04ad94b666e4bc33c

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

vasja

Campaign

vasja

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  5f4069c9716193f3592946f168f459db.exe
- Size
  
  165KB
- MD5
  
  5f4069c9716193f3592946f168f459db
- SHA1
  
  e16fe562704106b55d40c3f6525dd1a56a5f5df9
- SHA256
  
  06f39b7745fc370b817fc6f4ba226ac2f39994bf7da7296a99feb68d730ed174
- SHA512
  
  88118e51ec79694f0b95be723342088e10bf37e72482a1bc1712f1bc529ab1f0a9b447172793b3be1e099ca82b8fbc9c1c07b9f7d690f3a04ad94b666e4bc33c
Score

10^/10

zloader vasja vasja botnet evasion persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Downloads MZ/PE file
- Modifies Windows Firewall
  evasion
- Loads dropped DLL
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

1

T1031

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Downloads MZ/PE file

Modifies Windows Firewall

Loads dropped DLL

Adds Run key to start application

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2