Overview

overview

10

Static

static

da164dc8c1...e3.dll

windows7_x64

10

da164dc8c1...e3.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

  • Size

    788KB

  • Sample

    220201-d533magfe2

  • MD5

    25c4f6ec3f18c71bf9639746b8fe9567

  • SHA1

    9ff48900feed1f2433b3ef1610a5fc2b438152de

  • SHA256

    da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

  • SHA512

    35120b078971e74f473d19fc5f65bd4fe925ff05a00dac080b6a98ceeb1409ce6e2b6757d282559f21fe24e9ee8c95e90a5289e30602ab88203cd0432827637e

Score
10/10
zloadermain27.03.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

27.03.2020

C2

https://hustlertest.com/sound.php

https://dandycodes.com/sound.php

https://sandyfotos.com/sound.php

https://postgringos.com/sound.php

https://tetraslims.com/sound.php

https://greenrumba.com/sound.php

https://starterdatas.com/sound.php

https://nexycombats.com/sound.php

https://peermems.com/sound.php

https://fotonums.com/sound.php
Attributes
  • build_id

    29

rc4.plain

Targets

    • Target

      da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

    • Size

      788KB

    • MD5

      25c4f6ec3f18c71bf9639746b8fe9567

    • SHA1

      9ff48900feed1f2433b3ef1610a5fc2b438152de

    • SHA256

      da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3

    • SHA512

      35120b078971e74f473d19fc5f65bd4fe925ff05a00dac080b6a98ceeb1409ce6e2b6757d282559f21fe24e9ee8c95e90a5289e30602ab88203cd0432827637e

    Score
    10/10
    zloadermain27.03.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks