zloader | adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957

General

Target

adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
Size

275KB
Sample

220201-lgjyvacge5
MD5

285be226c4da6aa4a366aa7bdbafb23b
SHA1

a6c3594107c9fe781690ca7c9158d27c41d9ed53
SHA256

adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
SHA512

9649fd35341413f525cb46175b682a40a081e56734672ce2f8fc76c845ad10a112ad5939cf3712b95cdf1addc3775eecdcd3c35e4854f41585f56613859b7545

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

banking

Campaign

banking

C2

https://iloveyoubaby1.pro/gate.php

https://idsakjfsanfaskj.com/gate.php

https://fslakdasjdnsasjsj.com/gate.php

https://dksadjsahnfaskmsa.com/gate.php

https://dskdsajdsahda.info/gate.php

https://dskdsajdsadasda.info/gate.php

https://dskjdsadhsahjsas.info/gate.php

https://dsjadjsadjsadjafsa.info/gate.php

https://fsakjdsafasifkajfaf.pro/gate.php

https://djsadhsadsadjashs.pro/gate.php

Attributes

build_id
6

rc4.plain

Targets

- Target
  
  adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
- Size
  
  275KB
- MD5
  
  285be226c4da6aa4a366aa7bdbafb23b
- SHA1
  
  a6c3594107c9fe781690ca7c9158d27c41d9ed53
- SHA256
  
  adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
- SHA512
  
  9649fd35341413f525cb46175b682a40a081e56734672ce2f8fc76c845ad10a112ad5939cf3712b95cdf1addc3775eecdcd3c35e4854f41585f56613859b7545
Score

10^/10

zloader banking banking botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2