Overview

overview

10

Static

static

a654dbed7f...c7.dll

windows7_x64

10

a654dbed7f...c7.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7

  • Size

    282KB

  • Sample

    220201-ljnd2scbhn

  • MD5

    4ab63b8e79b2a85bb9b9a18ee09e189c

  • SHA1

    3e963c93377eb02aedd4f5d307445896fe82a290

  • SHA256

    a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7

  • SHA512

    4f3b3fbf69a4d401332dcc6bd9312861e169e88b106ea5e4e3cb431758ac080ffa5617ea1876709451c11aa296d33f4d33ce0b19092414aeea3ae423cd4e0f1d

Score
10/10
zloadermain2020-07-08botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-08

C2

https://zonculet.com/web/data

https://dweandro.com/web/data

https://sweleger.com/web/data

https://cromecho.com/web/data

https://wunchilm.com/web/data

https://odoncrol.com/web/data

https://amemooll.org/web/data

https://urecheng.org/web/data

https://wiliefax.org/web/data
Attributes
  • build_id

    25

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7

    • Size

      282KB

    • MD5

      4ab63b8e79b2a85bb9b9a18ee09e189c

    • SHA1

      3e963c93377eb02aedd4f5d307445896fe82a290

    • SHA256

      a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7

    • SHA512

      4f3b3fbf69a4d401332dcc6bd9312861e169e88b106ea5e4e3cb431758ac080ffa5617ea1876709451c11aa296d33f4d33ce0b19092414aeea3ae423cd4e0f1d

    Score
    10/10
    zloadermain2020-07-08botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks