zloader | d3255ed380e290f4992701d1c10a3f65580b5e0aff384ab4308a8202d71f38a8

General

Target

d3255ed380e290f4992701d1c10a3f65580b5e0aff384ab4308a8202d71f38a8
Size

275KB
Sample

220201-k45cmacee6
MD5

39cb3387dedf5568efeb8ae071e9006e
SHA1

9e9005fe8e8817c87e8f55bb5ba41f12ec7724b0
SHA256

d3255ed380e290f4992701d1c10a3f65580b5e0aff384ab4308a8202d71f38a8
SHA512

ef496ca7b6aaa85df502a6eccc7fa1758b9bcc14ec194b451660444b4d8e23c3e67353432a3d653bf3936f0cf18df2abe239e7b4e5adb6eb8260aea07c1ca299

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

cookiesfix

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

https://dsdjfhdsufudhjas.pro/gate.php

https://dsdjfhd9ddksaas.pro/gate.php

Attributes

build_id
25

rc4.plain

Targets

- Target
  
  d3255ed380e290f4992701d1c10a3f65580b5e0aff384ab4308a8202d71f38a8
- Size
  
  275KB
- MD5
  
  39cb3387dedf5568efeb8ae071e9006e
- SHA1
  
  9e9005fe8e8817c87e8f55bb5ba41f12ec7724b0
- SHA256
  
  d3255ed380e290f4992701d1c10a3f65580b5e0aff384ab4308a8202d71f38a8
- SHA512
  
  ef496ca7b6aaa85df502a6eccc7fa1758b9bcc14ec194b451660444b4d8e23c3e67353432a3d653bf3936f0cf18df2abe239e7b4e5adb6eb8260aea07c1ca299
Score

10^/10

zloader dllobnova cookiesfix botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Sets service image path in registry

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2