Overview

overview

10

Static

static

bbbc1a46aa...42.dll

windows7_x64

10

bbbc1a46aa...42.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342

  • Size

    847KB

  • Sample

    220201-etv4bahba7

  • MD5

    4fc69f56dfa547aea675fdaa51141cc2

  • SHA1

    ad3b5825bacb4768e7724b81cc5048cae16c9688

  • SHA256

    bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342

  • SHA512

    791b37b80711be0eebc702efaf08445b256a6b768ce94314f693ee1dafe93ad9c756d1ad116be429d933b8cf2cfd3c72dc5c4a597d47b61ef664b5dd1edf432b

Score
10/10
zloadermain18.03.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

18.03.2020

C2

https://postxer.com/sound.php

https://sentspiels.com/sound.php

https://watae.org/sound.php

https://eirry.org/sound.php

https://lotio.org/sound.php
Attributes
  • build_id

    24

rc4.plain

Targets

    • Target

      bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342

    • Size

      847KB

    • MD5

      4fc69f56dfa547aea675fdaa51141cc2

    • SHA1

      ad3b5825bacb4768e7724b81cc5048cae16c9688

    • SHA256

      bbbc1a46aa7998a12dc9b13c29b5204b784669e60d8bb1d05fbf2741abf68342

    • SHA512

      791b37b80711be0eebc702efaf08445b256a6b768ce94314f693ee1dafe93ad9c756d1ad116be429d933b8cf2cfd3c72dc5c4a597d47b61ef664b5dd1edf432b

    Score
    10/10
    zloadermain18.03.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks