zloader | 15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807

General

Target

15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807
Size

529KB
Sample

220201-j377fsbgg9
MD5

96ede22c743f990a839949fb3edd381b
SHA1

2506fb0f8e03108b5e4ee4555e6d9f309f4f8936
SHA256

15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807
SHA512

14922ce98535243e4f6e5c771c02397027b75b3e73ae807335dbcb97b653fc517010d89565ca6e0399a5012d40774455318a120ae5eb3f84693f9f0da1c1ed11

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

PLSPAM

Campaign

PLSPAM

C2

http://marchadvertisingnetwork4.com/post.php

http://marchadvertisingnetwork5.com/post.php

http://marchadvertisingnetwork6.com/post.php

http://marchadvertisingnetwork7.com/post.php

http://marchadvertisingnetwork8.com/post.php

http://marchadvertisingnetwork9.com/post.php

http://marchadvertisingnetwork10.com/post.php

Attributes

build_id
27

rc4.plain

Targets

- Target
  
  15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807
- Size
  
  529KB
- MD5
  
  96ede22c743f990a839949fb3edd381b
- SHA1
  
  2506fb0f8e03108b5e4ee4555e6d9f309f4f8936
- SHA256
  
  15e6a048813e1fa7e06751b3cccd6125d7b8efb3ed160931213ac44eafa60807
- SHA512
  
  14922ce98535243e4f6e5c771c02397027b75b3e73ae807335dbcb97b653fc517010d89565ca6e0399a5012d40774455318a120ae5eb3f84693f9f0da1c1ed11
Score

10^/10

zloader plspam plspam botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Sets service image path in registry

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2