zloader | a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7

General

Target

a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7
Size

282KB
Sample

220201-ljnd2scbhn
MD5

4ab63b8e79b2a85bb9b9a18ee09e189c
SHA1

3e963c93377eb02aedd4f5d307445896fe82a290
SHA256

a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7
SHA512

4f3b3fbf69a4d401332dcc6bd9312861e169e88b106ea5e4e3cb431758ac080ffa5617ea1876709451c11aa296d33f4d33ce0b19092414aeea3ae423cd4e0f1d

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-08

C2

https://zonculet.com/web/data

https://dweandro.com/web/data

https://sweleger.com/web/data

https://cromecho.com/web/data

https://wunchilm.com/web/data

https://odoncrol.com/web/data

https://amemooll.org/web/data

https://urecheng.org/web/data

https://wiliefax.org/web/data

Attributes

build_id
25

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7
- Size
  
  282KB
- MD5
  
  4ab63b8e79b2a85bb9b9a18ee09e189c
- SHA1
  
  3e963c93377eb02aedd4f5d307445896fe82a290
- SHA256
  
  a654dbed7f65e6e6b8830e42b137fd85ddce872dc29ca006e8f7653f0aadcac7
- SHA512
  
  4f3b3fbf69a4d401332dcc6bd9312861e169e88b106ea5e4e3cb431758ac080ffa5617ea1876709451c11aa296d33f4d33ce0b19092414aeea3ae423cd4e0f1d
Score

10^/10

zloader main 2020-07-08 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2