zloader | 0a6df8d51b26c7bd3a7376f6118049f1c37a91ee0b2f1ada2b86c561d1170e1b

General

Target

0a6df8d51b26c7bd3a7376f6118049f1c37a91ee0b2f1ada2b86c561d1170e1b
Size

258KB
Sample

220201-m28y5sdga5
MD5

49584f3cfff1654ca65de4dcab99f4eb
SHA1

cf10674919968daff5fa1c589df97ce5a9e120a3
SHA256

0a6df8d51b26c7bd3a7376f6118049f1c37a91ee0b2f1ada2b86c561d1170e1b
SHA512

4d3443b89a7b054121b4f4ae1179a011fb946ce585471b499fd67029d536f904ddd3bce87ccb5823b9b6f790ce6d8152314da38d40248cf3f0ebe2876733222d

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

newupdate326

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

https://dsdjfhdsufudhjas.pro/gate.php

https://dsdjfhd9ddksaas.pro/gate.php

Attributes

build_id
77

rc4.plain

Targets

- Target
  
  0a6df8d51b26c7bd3a7376f6118049f1c37a91ee0b2f1ada2b86c561d1170e1b
- Size
  
  258KB
- MD5
  
  49584f3cfff1654ca65de4dcab99f4eb
- SHA1
  
  cf10674919968daff5fa1c589df97ce5a9e120a3
- SHA256
  
  0a6df8d51b26c7bd3a7376f6118049f1c37a91ee0b2f1ada2b86c561d1170e1b
- SHA512
  
  4d3443b89a7b054121b4f4ae1179a011fb946ce585471b499fd67029d536f904ddd3bce87ccb5823b9b6f790ce6d8152314da38d40248cf3f0ebe2876733222d
Score

10^/10

zloader dllobnova newupdate326 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2

T1060

Privilege Escalation

Defense Evasion

Modify Registry

2

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Sets service image path in registry

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2