Extracted

• • Target

    1be04e51510b2aafb51598838b97124a73952c46b17d3d1c38254dd6d94e82a7

  • Size

    274KB

  • MD5

    11abbd1cd5e968e03b053426b33e64e1

  • SHA1

    7e1bc02b6bc16d4df3f532c8e8498f898ed0acb6

  • SHA256

    1be04e51510b2aafb51598838b97124a73952c46b17d3d1c38254dd6d94e82a7

  • SHA512

    36ef0aa604b36e0e2cdeaded3f4e0593a63747ee80ea114a6ad771d3744c2f56a840148d9b47e7710689d08c8e7f7ffed6d318c99c68b26dcffef8b595e22bc8

  Score

  10^/10

  zloaderbankingbankingbotnetpersistencetrojan

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blocklisted process makes network request

  • Sets service image path in registry

    persistence

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2