Overview

overview

10

Static

static

f1d43050a5...d4.dll

windows7_x64

10

f1d43050a5...d4.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f1d43050a57365d41f2ec6ac3f73f1ddf9fa454c8b96aa5aa30749490b5a5fd4

  • Size

    247KB

  • Sample

    220201-krbvjscce4

  • MD5

    be0da79c1c67a625af0b3dac757ee5f4

  • SHA1

    51c326ee3b994e2e0c63e4f3788e85d5e5eb4573

  • SHA256

    f1d43050a57365d41f2ec6ac3f73f1ddf9fa454c8b96aa5aa30749490b5a5fd4

  • SHA512

    1bfae94345e1c6db71b855100e9cf2b76c15a28b0fb4a77d1e6d518a3312477632896e521df0fa5b71052965afe7de971a71621f169fc2568f337f1008d73cd9

Score
10/10
zloadermain2020-06-21botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-06-21

C2

https://glartrot.org/web/data

https://revenapo.org/web/data

https://brenonip.org/web/data

https://paeriff.com/web/data

https://findulz.com/web/data

https://fredoam.com/web/data
Attributes
  • build_id

    12

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      f1d43050a57365d41f2ec6ac3f73f1ddf9fa454c8b96aa5aa30749490b5a5fd4

    • Size

      247KB

    • MD5

      be0da79c1c67a625af0b3dac757ee5f4

    • SHA1

      51c326ee3b994e2e0c63e4f3788e85d5e5eb4573

    • SHA256

      f1d43050a57365d41f2ec6ac3f73f1ddf9fa454c8b96aa5aa30749490b5a5fd4

    • SHA512

      1bfae94345e1c6db71b855100e9cf2b76c15a28b0fb4a77d1e6d518a3312477632896e521df0fa5b71052965afe7de971a71621f169fc2568f337f1008d73cd9

    Score
    10/10
    zloadermain2020-06-21botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks