Extracted

• • Target

    ccb8e17d3df37549a3dbdb31f3b5e03b8fbb3ddf9462cf962518c8e0312cdb56

  • Size

    246KB

  • MD5

    d871aee05301c265725e006800294894

  • SHA1

    3b6d944433e24d2eb9606f8d4bfc882ba505c4d6

  • SHA256

    ccb8e17d3df37549a3dbdb31f3b5e03b8fbb3ddf9462cf962518c8e0312cdb56

  • SHA512

    83508d1a3e08a584e0fa4b7b7f3dc87ee4bce48eea83e6d009baf92041bd3ce8eb6ee6132f768fcd54168c1c7b845e1ef62e537471a2f3a323b79c3e0858ecc5

  Score

  10^/10

  zloaderbankingbankingbotnetpersistencetrojan

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blocklisted process makes network request

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2