zloader | 8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352

General

Target

8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
Size

255KB
Sample

220201-lwle8adad4
MD5

0c08b1960c39c2c9524dba1ffe86753c
SHA1

8e1f2c5aae34110d22b8e93277e2985473b3d2c9
SHA256

8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
SHA512

5f7eb2dfe282cbd90746f0ea810645ebe05d649565b2002dac0bb83a0ac305e42d6ddda7952246c5cc10027332a9a7afa618dfb1101472764468b9767f72e2fc

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

cookiesfix

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

https://dsdjfhdsufudhjas.pro/gate.php

https://dsdjfhd9ddksaas.pro/gate.php

Attributes

build_id
26

rc4.plain

Targets

- Target
  
  8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
- Size
  
  255KB
- MD5
  
  0c08b1960c39c2c9524dba1ffe86753c
- SHA1
  
  8e1f2c5aae34110d22b8e93277e2985473b3d2c9
- SHA256
  
  8be791cfaf6dbe2f1022406cbab97c3f53a084abd5b7e2ede043bd10de268352
- SHA512
  
  5f7eb2dfe282cbd90746f0ea810645ebe05d649565b2002dac0bb83a0ac305e42d6ddda7952246c5cc10027332a9a7afa618dfb1101472764468b9767f72e2fc
Score

10^/10

zloader dllobnova cookiesfix botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Sets service image path in registry

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2