Overview

overview

10

Static

static

fffd7bc61e...06.dll

windows7_x64

10

fffd7bc61e...06.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306

  • Size

    408KB

  • Sample

    220205-h5r3kshae6

  • MD5

    2fa4f74d7a863c65769becdb7e81a752

  • SHA1

    3797c53fc81d27f6e4ef041323bb6c8d38888b88

  • SHA256

    fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306

  • SHA512

    e11cb310ec51b24b274434b0ec08f4ec1d7f8e6b2753fa2d89cf51c49b0511ea25d4b0a5750d68f6b0f28840ac67ce9e02eb039b12e729c66ae11786834cc1bf

Score
10/10
zloadermiguel21/04botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

21/04

C2

https://glsunzdf.casa/wp-config.php

https://xaprgnve.icu/wp-config.php
Attributes
  • build_id

    166

rc4.plain

Targets

    • Target

      fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306

    • Size

      408KB

    • MD5

      2fa4f74d7a863c65769becdb7e81a752

    • SHA1

      3797c53fc81d27f6e4ef041323bb6c8d38888b88

    • SHA256

      fffd7bc61eb5b9759a97699efdf9455b76d9e198b87d75ebdb8a2fa2a4a08306

    • SHA512

      e11cb310ec51b24b274434b0ec08f4ec1d7f8e6b2753fa2d89cf51c49b0511ea25d4b0a5750d68f6b0f28840ac67ce9e02eb039b12e729c66ae11786834cc1bf

    Score
    10/10
    zloadermiguel21/04botnettrojanpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks