zloader | c3a74bd00279c7a9eb6827badb8360e23fd9f290740edfc4cc24848b617f0203 | Triage

Submit
Reports

Overview

overview

Static

static

phiasko.bat

windows10_x64

Sharing

General

Target

zizi.rar
Size

717KB
Sample

211004-1xf98ahae7
MD5

d58e0fd8841767273f735ff5f6058335
SHA1

3874270a7e4b14abdff93696283010a18be18db8
SHA256

c3a74bd00279c7a9eb6827badb8360e23fd9f290740edfc4cc24848b617f0203
SHA512

bdebe017bd9964003f4691370c88d0e1b72e67d8776008723fd5391dabb78c25959b710865e5d803c3157f11305a60f0e0e85c34c05c3927eda62c1ee1250103

Score

10^/10

zloader 123 123 botnet persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

phiasko.bat

Resource

win10-ja-20210920

zloader 123 123 botnet persistence trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

zloader

Botnet

123

Campaign

123

C2

http://gipc.in/post.php

http://fbhindia.com/post.php

http://ecolenefiber.com/post.php

http://design.ecolenefiber.com/post.php

http://beta.marlics.ir/post.php

http://hari.pk/post.php

http://iaiskjmalang.ac.id/post.php

http://314xd.com/post.php

http://ejournal.iaiskjmalang.ac.id/post.php

http://duanvn.com/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  phiasko.bat
- Size
  
  58B
- MD5
  
  be4bfd95cabbf2a7b68530e629645282
- SHA1
  
  e394c4eea18ee4016c1b43111760fe041f0ab14f
- SHA256
  
  ab443b30acfb9fe983f631a79d4c6fc481208b98cef934cfc91e6f83bba1c52d
- SHA512
  
  c6e7316671e5cd053adca5cd779a90149ed375321e2cab7d63657f308c41a8cbda42c8009da08cea519da72df34400813d5c1a0bd3f923510b632adc09793dcc
Score

10^/10

zloader 123 123 botnet persistence trojan
- Registers COM server for autorun
  persistence
- Suspicious use of NtCreateProcessExOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Modifies Installed Components in the registry
  persistence
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloader123123botnetpersistencetrojan

© 2018-2024

Terms | Privacy