Overview

overview

10

Static

static

4ca3ae0f9b...a5.dll

windows7_x64

10

4ca3ae0f9b...a5.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5

  • Size

    334KB

  • Sample

    220201-htfv6sbac9

  • MD5

    500854618bda05096da0a2d244de4e43

  • SHA1

    ec5338822efc141c24c54a6718fb73cfe166a61d

  • SHA256

    4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5

  • SHA512

    3dbca6e5792c70485b49238329986b7f04d48ea1171b4d57d1305e617c089c838dcba75f7344eab48dffcd06629b6f14523989e504f90e20225839659ab83226

Score
10/10
zloadermain27.03.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

27.03.2020

C2

https://hustlertest.com/sound.php

https://dandycodes.com/sound.php

https://sandyfotos.com/sound.php

https://postgringos.com/sound.php

https://tetraslims.com/sound.php

https://greenrumba.com/sound.php

https://starterdatas.com/sound.php

https://nexycombats.com/sound.php

https://peermems.com/sound.php

https://fotonums.com/sound.php
Attributes
  • build_id

    29

rc4.plain

Targets

    • Target

      4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5

    • Size

      334KB

    • MD5

      500854618bda05096da0a2d244de4e43

    • SHA1

      ec5338822efc141c24c54a6718fb73cfe166a61d

    • SHA256

      4ca3ae0f9b573739e66192f15aade1cf3d409ef133a7b6834ad4e387dea498a5

    • SHA512

      3dbca6e5792c70485b49238329986b7f04d48ea1171b4d57d1305e617c089c838dcba75f7344eab48dffcd06629b6f14523989e504f90e20225839659ab83226

    Score
    10/10
    zloadermain27.03.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks