zloader | b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b

General

Target

b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b
Size

420KB
Sample

220201-exz7fahbe9
MD5

e7aba23375f3a435c774684db72f15d8
SHA1

8b20384f4a28f897a82bb4cb58e317d100096b73
SHA256

b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b
SHA512

2ac781bd7b16afa5393849928c5f0ac7df120f42cc6a24aecc7f3e8cd746733a3c8d781d4cc7e460d986b368305940a7b28aecad8fc7949ab65438d0fce1dec9

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

12.03.2020

C2

https://postxer.com/sound.php

https://banssa.org/sound.php

https://dolax.org/sound.php

https://calul.org/sound.php

https://evahs.org/sound.php

Attributes

build_id
21

rc4.plain

Targets

- Target
  
  b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b
- Size
  
  420KB
- MD5
  
  e7aba23375f3a435c774684db72f15d8
- SHA1
  
  8b20384f4a28f897a82bb4cb58e317d100096b73
- SHA256
  
  b7f3b8c8e8cd3b886baea02961ce6968315359a78e4af1edc51f930ae4ebd67b
- SHA512
  
  2ac781bd7b16afa5393849928c5f0ac7df120f42cc6a24aecc7f3e8cd746733a3c8d781d4cc7e460d986b368305940a7b28aecad8fc7949ab65438d0fce1dec9
Score

10^/10

zloader main 12.03.2020 botnet trojan persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Sets service image path in registry
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Sets service image path in registry

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2