Overview

overview

10

Static

static

c886b6a0e7...26.dll

windows7_x64

10

c886b6a0e7...26.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26

  • Size

    1.1MB

  • Sample

    211206-272vcafdbr

  • MD5

    25c14298d7383424ec49374aa1635c80

  • SHA1

    f8f16e9d54406efe700d791e318eac57af91aa6f

  • SHA256

    c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26

  • SHA512

    400cc0a208731eb4e81b8ceebf241547bb5b2e1e79d8f7ece8998f6b503aad30cfde30e3f0020d381b66a2c4a68eda22bb778d0d12192a2d9159ff3fb27441ed

Score
10/10
zloadermk1mac2botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://adslstickerfone.world/click.php

Attributes
  • build_id

    20

rc4.plain

Targets

    • Target

      c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26

    • Size

      1.1MB

    • MD5

      25c14298d7383424ec49374aa1635c80

    • SHA1

      f8f16e9d54406efe700d791e318eac57af91aa6f

    • SHA256

      c886b6a0e78106a83d4375b297fa5ef7775dd5a9f22239c998f72c6abf39ff26

    • SHA512

      400cc0a208731eb4e81b8ceebf241547bb5b2e1e79d8f7ece8998f6b503aad30cfde30e3f0020d381b66a2c4a68eda22bb778d0d12192a2d9159ff3fb27441ed

    Score
    10/10
    zloadermk1mac2botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks