zloader | 77dd0d459a930c4e2692f935d775f9aa6560e26b19715ee61c20ce6bdbcc8200

General

Target

77dd0d459a930c4e2692f935d775f9aa6560e26b19715ee61c20ce6bdbcc8200
Size

324KB
Sample

220201-l35gnsdbf2
MD5

e43a89f63cca4ca94f565cdb04d7074b
SHA1

0d7dc6e290158fa8fd2f1ef6b88cd9e7404949f0
SHA256

77dd0d459a930c4e2692f935d775f9aa6560e26b19715ee61c20ce6bdbcc8200
SHA512

caab98ebee86c0261a78ed7907995d6e1206d7dc944d7281d0f8c28d55bb08e487c71516b24a0f301aac94e6a34a1da7c3221112192fb7463602b25043badb9d

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

cookiesfix

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

https://dsdjfhdsufudhjas.pro/gate.php

https://dsdjfhd9ddksaas.pro/gate.php

Attributes

build_id
23

rc4.plain

Targets

- Target
  
  77dd0d459a930c4e2692f935d775f9aa6560e26b19715ee61c20ce6bdbcc8200
- Size
  
  324KB
- MD5
  
  e43a89f63cca4ca94f565cdb04d7074b
- SHA1
  
  0d7dc6e290158fa8fd2f1ef6b88cd9e7404949f0
- SHA256
  
  77dd0d459a930c4e2692f935d775f9aa6560e26b19715ee61c20ce6bdbcc8200
- SHA512
  
  caab98ebee86c0261a78ed7907995d6e1206d7dc944d7281d0f8c28d55bb08e487c71516b24a0f301aac94e6a34a1da7c3221112192fb7463602b25043badb9d
Score

10^/10

zloader dllobnova cookiesfix botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Sets service image path in registry

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2