Overview

overview

10

Static

static

34f383ad79...b7.dll

windows7_x64

1

34f383ad79...b7.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34f383ad792bd93bc10079ee7f2a620402f35c25655eb7f2621f4b4a0a7c74b7

  • Size

    271KB

  • Sample

    220201-mm35cadabm

  • MD5

    4adb79c27c4ac05f61506c8462a6a14b

  • SHA1

    b9adbe56bc4e5f642002b963f1198932602559f8

  • SHA256

    34f383ad792bd93bc10079ee7f2a620402f35c25655eb7f2621f4b4a0a7c74b7

  • SHA512

    74510a64102f2a3c58e361adabf137a8ebb187804ff6ff80117b64796087bb986a5d101a5fd7cccffb6f422ce6ce2128fcd5c44f121e617d4b697a76ac2a94d0

Score
10/10
zloadermain2020-06-24botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-06-24

C2

https://glartrot.org/web/data

https://revenapo.org/web/data

https://findulz.com/web/data

https://fredoam.com/web/data

https://loinecs.org/web/data

https://arosora.org/web/data

https://cheneer.org/web/data

https://esplody.org/web/data
Attributes
  • build_id

    16

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      34f383ad792bd93bc10079ee7f2a620402f35c25655eb7f2621f4b4a0a7c74b7

    • Size

      271KB

    • MD5

      4adb79c27c4ac05f61506c8462a6a14b

    • SHA1

      b9adbe56bc4e5f642002b963f1198932602559f8

    • SHA256

      34f383ad792bd93bc10079ee7f2a620402f35c25655eb7f2621f4b4a0a7c74b7

    • SHA512

      74510a64102f2a3c58e361adabf137a8ebb187804ff6ff80117b64796087bb986a5d101a5fd7cccffb6f422ce6ce2128fcd5c44f121e617d4b697a76ac2a94d0

    Score
    10/10
    zloadermain2020-06-24botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks