Overview

overview

10

Static

static

zoom.dll

windows7_x64

10

zoom.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zoom.dll

  • Size

    3.0MB

  • Sample

    211128-e8l4ysahd8

  • MD5

    42b0be71b8e27c8eb9d93c75210c7818

  • SHA1

    24ac19a30b18258fb33349ab03bc1837d09a46cd

  • SHA256

    7bb1d11f432ab61db96b17ea906513388747f7ce1fe3a3644e3a3886bf100059

  • SHA512

    af945baf31589c2493fc5ab007c7664a67013ad5d92bc4b525c20ec14c2fddab5f3d11dde1be74f05d6fddf199f2919c43cc78bc0d17f6380da6e623b7ff7123

Score
10/10
zloader909222personal909222personalbotnettrojan

Malware Config

Extracted

Family

zloader

Botnet

909222

Campaign

909222

C2

https://asdfghdsajkl.com/gate.php

https://lkjhgfgsdshja.com/gate.php

https://kjdhsasghjds.com/gate.php

https://kdjwhqejqwij.com/gate.php

https://iasudjghnasd.com/gate.php

https://daksjuggdhwa.com/gate.php

https://dkisuaggdjhna.com/gate.php

https://eiqwuggejqw.com/gate.php

https://dquggwjhdmq.com/gate.php

https://djshggadasj.com/gate.php
Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Extracted

Family

zloader

Botnet

personal

Campaign

personal

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php
Attributes
  • build_id

    157

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      zoom.dll

    • Size

      3.0MB

    • MD5

      42b0be71b8e27c8eb9d93c75210c7818

    • SHA1

      24ac19a30b18258fb33349ab03bc1837d09a46cd

    • SHA256

      7bb1d11f432ab61db96b17ea906513388747f7ce1fe3a3644e3a3886bf100059

    • SHA512

      af945baf31589c2493fc5ab007c7664a67013ad5d92bc4b525c20ec14c2fddab5f3d11dde1be74f05d6fddf199f2919c43cc78bc0d17f6380da6e623b7ff7123

    Score
    10/10
    zloader909222personal909222personalbotnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Command-Line Interface

1
T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

1
T1018

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks