Overview

overview

10

Static

static

99fe4effb3...8f.dll

windows7_x64

10

99fe4effb3...8f.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    99fe4effb3bd5d31a6c9b740f693460042e9b327b6e6d78aaa04d40762784c8f

  • Size

    311KB

  • Sample

    220201-lm3m5scceq

  • MD5

    740dfab684548a0de118932556322457

  • SHA1

    3c2f4e6d4bac71bf3541d99f279f535a3f479fb1

  • SHA256

    99fe4effb3bd5d31a6c9b740f693460042e9b327b6e6d78aaa04d40762784c8f

  • SHA512

    4e254f45b4b4881ca59cde612388f4a62a9f1512352f6710d4abb3cc9e212cde5d31b4a9273b8cfdd7bbedb69979c478eae5a4b6232f2af8a167b74fa487b856

Score
10/10
zloaderdllobnovaalisabotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

alisa

C2

https://dsdjfhdsufudhjas.pro/gate.php

https://dsdjfhd9ddksaas.pro/gate.php

https://dsdjfhdsufudhjas.name/gate.php

https://dsdjfhd9ddksaas.com/gate.php

https://dsdjfhdsufudhjas.pw/gate.php

https://dsdjfhd9ddksaas.ru/gate.php

https://dsdjfhdsufudhjas.su/gate.php

https://kdsadisadijdsasm2.com/gate.php

https://dsdjfhdsufudhjas.net/gate.php

https://dsdjfhd9ddksaas.eu/gate.php
Attributes
  • build_id

    5

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      99fe4effb3bd5d31a6c9b740f693460042e9b327b6e6d78aaa04d40762784c8f

    • Size

      311KB

    • MD5

      740dfab684548a0de118932556322457

    • SHA1

      3c2f4e6d4bac71bf3541d99f279f535a3f479fb1

    • SHA256

      99fe4effb3bd5d31a6c9b740f693460042e9b327b6e6d78aaa04d40762784c8f

    • SHA512

      4e254f45b4b4881ca59cde612388f4a62a9f1512352f6710d4abb3cc9e212cde5d31b4a9273b8cfdd7bbedb69979c478eae5a4b6232f2af8a167b74fa487b856

    Score
    10/10
    zloaderdllobnovaalisabotnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks