zloader | 16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c

General

Target

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
Size

310KB
Sample

220201-myf4ysdfe6
MD5

b9d425b1970b5fd03aed67053d97916d
SHA1

6b198494ce7d94fe26e72f4d0de776c897d9231a
SHA256

16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
SHA512

621449a17709fb703c18e84b31956a1fefd7a0204743061c401f7208a12c9a51df6f60eee0be155ca290d0336e46b7fdef8eaa4267dc8147916f43d824cb989d

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

banking

Campaign

banking

C2

https://iloveyoubaby1.pro/gate.php

https://idsakjfsanfaskj.com/gate.php

https://fslakdasjdnsasjsj.com/gate.php

https://dksadjsahnfaskmsa.com/gate.php

https://dskdsajdsahda.info/gate.php

https://dskdsajdsadasda.info/gate.php

https://dskjdsadhsahjsas.info/gate.php

https://dsjadjsadjsadjafsa.info/gate.php

https://fsakjdsafasifkajfaf.pro/gate.php

https://djsadhsadsadjashs.pro/gate.php

Attributes

build_id
2

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
- Size
  
  310KB
- MD5
  
  b9d425b1970b5fd03aed67053d97916d
- SHA1
  
  6b198494ce7d94fe26e72f4d0de776c897d9231a
- SHA256
  
  16464a294fc276ea38e4f8aedd7fa6d1f426036d42b342bde27bdc63b5c6658c
- SHA512
  
  621449a17709fb703c18e84b31956a1fefd7a0204743061c401f7208a12c9a51df6f60eee0be155ca290d0336e46b7fdef8eaa4267dc8147916f43d824cb989d
Score

10^/10

zloader banking banking botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2