zloader | fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9

General

Target

fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9
Size

472KB
Sample

220205-jg3pvahcgr
MD5

1d03a39c5b1f99fc9c33bc4a9811cf0f
SHA1

ede00a9c20689c8c6dc5fa301b46c2a74ebe01af
SHA256

fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9
SHA512

fc3f2d776632fbfb1f3d0c3c32e3e57b818a697a53cc587fef3bc8e15f052573e90fffd493032a28eb7d93db93732efff523d406caf7dc07f733bac1b44fc126

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

April24misha

Campaign

April24misha

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

Attributes

build_id
122

rc4.plain

Targets

- Target
  
  fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9
- Size
  
  472KB
- MD5
  
  1d03a39c5b1f99fc9c33bc4a9811cf0f
- SHA1
  
  ede00a9c20689c8c6dc5fa301b46c2a74ebe01af
- SHA256
  
  fb55aa4029e826e42520861cc82a8db4a3568f1d2b5fe6f39d7bf870ec0005f9
- SHA512
  
  fc3f2d776632fbfb1f3d0c3c32e3e57b818a697a53cc587fef3bc8e15f052573e90fffd493032a28eb7d93db93732efff523d406caf7dc07f733bac1b44fc126
Score

10^/10

zloader april24misha april24misha botnet suricata trojan persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- Blocklisted process makes network request
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

Blocklisted process makes network request

Sets service image path in registry

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2