Overview

overview

10

Static

static

ee30458866...b7.dll

windows7_x64

10

ee30458866...b7.dll

windows10-2004_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7

  • Size

    539KB

  • Sample

    220205-j6rc4shdg3

  • MD5

    2bc2b695d5b27df05bbd86fa6feec860

  • SHA1

    b1250a0a1c881f74f81c518c64dbca41bebaf62d

  • SHA256

    ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7

  • SHA512

    de669b3bdbdcc56948d9eb32be4cba6a06cc41db33d557b5b080d64583affb6f51ae6b7d10510b50847cb33484952d7e7ae6ce88f319d82925b9bebacea01e2c

Score
10/10
zloaderapr14spambotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

Apr14

Campaign

Spam

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://ojnxjgfjlftfkkuxxiqd.com/post.php

http://pwkqhdgytsshkoibaake.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fyratyubvflktyyjiqgq.com/post.php
Attributes
  • build_id

    102

rc4.plain

Targets

    • Target

      ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7

    • Size

      539KB

    • MD5

      2bc2b695d5b27df05bbd86fa6feec860

    • SHA1

      b1250a0a1c881f74f81c518c64dbca41bebaf62d

    • SHA256

      ee304588666deeca692b1b03be4b69ff4fd5484334ba9d5ea8da8d8ae2464fb7

    • SHA512

      de669b3bdbdcc56948d9eb32be4cba6a06cc41db33d557b5b080d64583affb6f51ae6b7d10510b50847cb33484952d7e7ae6ce88f319d82925b9bebacea01e2c

    Score
    10/10
    zloaderapr14spambotnettrojanpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Sets service image path in registry

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks