Extracted

• • Target

    0d6aad4b3fe886c7d24286d333094bed9eb2c6d5ee3f7afb7fabbd1538f440e2

  • Size

    243KB

  • MD5

    7b5549a7d9e638eb713dce14c2ad357b

  • SHA1

    171c328013f121ea18c68436c5450b89c50e8794

  • SHA256

    0d6aad4b3fe886c7d24286d333094bed9eb2c6d5ee3f7afb7fabbd1538f440e2

  • SHA512

    b62f454bc52de5975b9327889cf52f2a7103936bd3437156ab85e31119ed42b8ea19bc78cefa07ded3a6b9c87407c6bf43bff25275b25bb5073bb07b079a0616

  Score

  10^/10

  zloaderdllobnovanewupdate326botnetpersistencetrojan

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blocklisted process makes network request

  • Sets service image path in registry

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2