zloader | c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26 | Triage

Sharing

General

Target

c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26
Size

1.1MB
Sample

211206-272vcafdbr
MD5

25c14298d7383424ec49374aa1635c80
SHA1

f8f16e9d54406efe700d791e318eac57af91aa6f
SHA256

c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26
SHA512

400cc0a208731eb4e81b8ceebf241547bb5b2e1e79d8f7ece8998f6b503aad30cfde30e3f0020d381b66a2c4a68eda22bb778d0d12192a2d9159ff3fb27441ed

Score

10^/10

zloader mk1 mac2 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://adslstickerfone.world/click.php

Attributes

build_id
20

rc4.plain

Targets

- Target
  
  c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26
- Size
  
  1.1MB
- MD5
  
  25c14298d7383424ec49374aa1635c80
- SHA1
  
  f8f16e9d54406efe700d791e318eac57af91aa6f
- SHA256
  
  c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26
- SHA512
  
  400cc0a208731eb4e81b8ceebf241547bb5b2e1e79d8f7ece8998f6b503aad30cfde30e3f0020d381b66a2c4a68eda22bb778d0d12192a2d9159ff3fb27441ed
Score

10^/10

zloader mk1 mac2 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadermk1mac2botnetpersistencetrojan

behavioral2

zloadermk1mac2botnetpersistencetrojan