zloader | ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7

General

Target

ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7
Size

539KB
Sample

220205-j6rc4shdg3
MD5

2bc2b695d5b27df05bbd86fa6feec860
SHA1

b1250a0a1c881f74f81c518c64dbca41bebaf62d
SHA256

ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7
SHA512

de669b3bdbdcc56948d9eb32be4cba6a06cc41db33d557b5b080d64583affb6f51ae6b7d10510b50847cb33484952d7e7ae6ce88f319d82925b9bebacea01e2c

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

Apr14

Campaign

Spam

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://ojnxjgfjlftfkkuxxiqd.com/post.php

http://pwkqhdgytsshkoibaake.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fyratyubvflktyyjiqgq.com/post.php

Attributes

build_id
102

rc4.plain

Targets

- Target
  
  ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7
- Size
  
  539KB
- MD5
  
  2bc2b695d5b27df05bbd86fa6feec860
- SHA1
  
  b1250a0a1c881f74f81c518c64dbca41bebaf62d
- SHA256
  
  ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7
- SHA512
  
  de669b3bdbdcc56948d9eb32be4cba6a06cc41db33d557b5b080d64583affb6f51ae6b7d10510b50847cb33484952d7e7ae6ce88f319d82925b9bebacea01e2c
Score

10^/10

zloader apr14 spam botnet trojan persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Sets service image path in registry

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2