Overview

overview

10

Static

static

b8e75cbb6e...0f.dll

windows7_x64

10

b8e75cbb6e...0f.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b8e75cbb6e4c360fec71e12b85f3c5e4933e66a64928ff4d337ebe6a6cc9150f

  • Size

    271KB

  • Sample

    220201-lc1e2acfg9

  • MD5

    33a68078df295fc4632015069da91aee

  • SHA1

    c41acf7b1cd8dde61b5662a23600e480f7126c78

  • SHA256

    b8e75cbb6e4c360fec71e12b85f3c5e4933e66a64928ff4d337ebe6a6cc9150f

  • SHA512

    0e6dc45d23f7a8e99a9bc8a8b52b169b3b50438f5955bea35a74fbefe26e7317ce20ac27a317d5d9564b42f0e5237efea0eaf3166b61f9592e0e63e2cf288383

Score
10/10
zloaderdllobnovaogneniyupdatebotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

ogneniyupdate

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

https://dsdjfhdsufudhjas.pro/gate.php

https://dsdjfhd9ddksaas.pro/gate.php
Attributes
  • build_id

    17

rc4.plain

Targets

    • Target

      b8e75cbb6e4c360fec71e12b85f3c5e4933e66a64928ff4d337ebe6a6cc9150f

    • Size

      271KB

    • MD5

      33a68078df295fc4632015069da91aee

    • SHA1

      c41acf7b1cd8dde61b5662a23600e480f7126c78

    • SHA256

      b8e75cbb6e4c360fec71e12b85f3c5e4933e66a64928ff4d337ebe6a6cc9150f

    • SHA512

      0e6dc45d23f7a8e99a9bc8a8b52b169b3b50438f5955bea35a74fbefe26e7317ce20ac27a317d5d9564b42f0e5237efea0eaf3166b61f9592e0e63e2cf288383

    Score
    10/10
    zloaderdllobnovaogneniyupdatebotnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blocklisted process makes network request

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks