zloader | 4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5

General

Target

4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5
Size

334KB
Sample

220201-htfv6sbac9
MD5

500854618bda05096da0a2d244de4e43
SHA1

ec5338822efc141c24c54a6718fb73cfe166a61d
SHA256

4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5
SHA512

3dbca6e5792c70485b49238329986b7f04d48ea1171b4d57d1305e617c089c838dcba75f7344eab48dffcd06629b6f14523989e504f90e20225839659ab83226

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

27.03.2020

C2

https://hustlertest.com/sound.php

https://dandycodes.com/sound.php

https://sandyfotos.com/sound.php

https://postgringos.com/sound.php

https://tetraslims.com/sound.php

https://greenrumba.com/sound.php

https://starterdatas.com/sound.php

https://nexycombats.com/sound.php

https://peermems.com/sound.php

https://fotonums.com/sound.php

Attributes

build_id
29

rc4.plain

Targets

- Target
  
  4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5
- Size
  
  334KB
- MD5
  
  500854618bda05096da0a2d244de4e43
- SHA1
  
  ec5338822efc141c24c54a6718fb73cfe166a61d
- SHA256
  
  4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5
- SHA512
  
  3dbca6e5792c70485b49238329986b7f04d48ea1171b4d57d1305e617c089c838dcba75f7344eab48dffcd06629b6f14523989e504f90e20225839659ab83226
Score

10^/10

zloader main 27.03.2020 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Sets service image path in registry

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2