Overview

overview

10

Static

static

6fed2a5943...69.dll

windows7_x64

10

6fed2a5943...69.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6fed2a5943e866a67e408a063589378ae4ce3aa2907cc58525a1b8f423284569

  • Size

    589KB

  • Sample

    220201-l6q4fsdca7

  • MD5

    b0754bbc9e7a8907d94dabd286aa8e30

  • SHA1

    8eb9adde4c5f109f7c9a27285b5da091773ad4eb

  • SHA256

    6fed2a5943e866a67e408a063589378ae4ce3aa2907cc58525a1b8f423284569

  • SHA512

    cac6ebce443420cb81788f1c0888d89cc391fd82d070af69b192890ee93586d7f84eb450013a019ee85d13962d39bf302e4b9ad0901aba2a8963f9b546863f78

Score
10/10
zloadermain28.05.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

28.05.2020

C2

https://pecketil.org/sound.php

https://weisnise.org/sound.php

https://erooneah.org/sound.php

https://semettyx.org/sound.php

https://dambalik.org/sound.php

https://twelicie.org/sound.php

https://reeution.org/sound.php

https://erreessi.org/sound.php
Attributes
  • build_id

    55

rc4.plain

Targets

    • Target

      6fed2a5943e866a67e408a063589378ae4ce3aa2907cc58525a1b8f423284569

    • Size

      589KB

    • MD5

      b0754bbc9e7a8907d94dabd286aa8e30

    • SHA1

      8eb9adde4c5f109f7c9a27285b5da091773ad4eb

    • SHA256

      6fed2a5943e866a67e408a063589378ae4ce3aa2907cc58525a1b8f423284569

    • SHA512

      cac6ebce443420cb81788f1c0888d89cc391fd82d070af69b192890ee93586d7f84eb450013a019ee85d13962d39bf302e4b9ad0901aba2a8963f9b546863f78

    Score
    10/10
    zloadermain28.05.2020botnettrojanpersistence

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks