Overview

overview

10

Static

static

47b6fae16a...d5.dll

windows7_x64

10

47b6fae16a...d5.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    47b6fae16a8c59bf1be620cb167e2673af2e0ffa92503fadf101b4bd47132ed5

  • Size

    257KB

  • Sample

    220201-mh535sddg6

  • MD5

    a36249de66b9789bc13d15e0607ef837

  • SHA1

    b2ec5f094cdfed3d330e634c7cd68f6aca937fd1

  • SHA256

    47b6fae16a8c59bf1be620cb167e2673af2e0ffa92503fadf101b4bd47132ed5

  • SHA512

    9b2bfc147cbf3b26c01faf503a08fd03a890d62eed7c4300b0a640681f93704d27b43beb8671e91711af33366ea306d06c53599fc709aed181f1f2d58c681eab

Score
10/10
zloadermain2020-06-28botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-06-28

C2

https://glartrot.org/web/data

https://revenapo.org/web/data

https://findulz.com/web/data

https://fredoam.com/web/data

https://loinecs.org/web/data

https://arosora.org/web/data

https://cheneer.org/web/data

https://esplody.org/web/data
Attributes
  • build_id

    18

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      47b6fae16a8c59bf1be620cb167e2673af2e0ffa92503fadf101b4bd47132ed5

    • Size

      257KB

    • MD5

      a36249de66b9789bc13d15e0607ef837

    • SHA1

      b2ec5f094cdfed3d330e634c7cd68f6aca937fd1

    • SHA256

      47b6fae16a8c59bf1be620cb167e2673af2e0ffa92503fadf101b4bd47132ed5

    • SHA512

      9b2bfc147cbf3b26c01faf503a08fd03a890d62eed7c4300b0a640681f93704d27b43beb8671e91711af33366ea306d06c53599fc709aed181f1f2d58c681eab

    Score
    10/10
    zloadermain2020-06-28botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks