General

  • Target

    b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

  • Size

    420KB

  • Sample

    220201-exz7fahbe9

  • MD5

    e7aba23375f3a435c774684db72f15d8

  • SHA1

    8b20384f4a28f897a82bb4cb58e317d100096b73

  • SHA256

    b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

  • SHA512

    2ac781bd7b16afa5393849928c5f0ac7df120f42cc6a24aecc7f3e8cd746733a3c8d781d4cc7e460d986b368305940a7b28aecad8fc7949ab65438d0fce1dec9

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

12.03.2020

C2

https://postxer.com/sound.php

https://banssa.org/sound.php

https://dolax.org/sound.php

https://calul.org/sound.php

https://evahs.org/sound.php

Attributes
  • build_id

    21

rc4.plain

Targets

    • Target

      b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

    • Size

      420KB

    • MD5

      e7aba23375f3a435c774684db72f15d8

    • SHA1

      8b20384f4a28f897a82bb4cb58e317d100096b73

    • SHA256

      b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

    • SHA512

      2ac781bd7b16afa5393849928c5f0ac7df120f42cc6a24aecc7f3e8cd746733a3c8d781d4cc7e460d986b368305940a7b28aecad8fc7949ab65438d0fce1dec9

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Sets service image path in registry

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

1
T1112

Tasks