Overview

overview

10

Static

static

4f1b67de03...2a.dll

windows7_x64

10

4f1b67de03...2a.dll

windows10-2004_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

  • Size

    877KB

  • Sample

    220205-tgjl3sdcfj

  • MD5

    4773b4f06e91d998f15f56986eca1c04

  • SHA1

    47bd5aa4356028de73fde18268e4891bf7ec5aae

  • SHA256

    4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

  • SHA512

    6709ee7c50729eab38b0ab6fc72948fa66458c277d9109e605824105827db87d9c34e7559c4a9a7c7e2f3908f8c4ac49be587e9210928c99757a600a3b9d3c77

Score
10/10
zloadermain20.04.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

20.04.2020

C2

https://tremood.com/sound.php

https://soceneo.com/sound.php

https://baatiot.com/sound.php

https://welefus.com/sound.php

https://maremeo.com/sound.php
Attributes
  • build_id

    41

rc4.plain

Targets

    • Target

      4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

    • Size

      877KB

    • MD5

      4773b4f06e91d998f15f56986eca1c04

    • SHA1

      47bd5aa4356028de73fde18268e4891bf7ec5aae

    • SHA256

      4f1b67de033cb3d692e494a0104243edb1504185df21e5086dba1d10d941c12a

    • SHA512

      6709ee7c50729eab38b0ab6fc72948fa66458c277d9109e605824105827db87d9c34e7559c4a9a7c7e2f3908f8c4ac49be587e9210928c99757a600a3b9d3c77

    Score
    10/10
    zloadermain20.04.2020botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks