Overview

overview

10

Static

static

3707ad9488...f5.vbs

windows7_x64

10

3707ad9488...f5.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

  • Size

    1.1MB

  • Sample

    220205-vfb2aaddh3

  • MD5

    88cb1b3a2c58a40c6ecbd2897465337d

  • SHA1

    2e866fde78317929b59ed9cf63806116b38a0602

  • SHA256

    3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

  • SHA512

    08450aaefbe3cce898ac8c6dcb5b065b773fdd2b0f66a630711b85d5510f8553f8d19fa6e634d42a6508deb46c10162b2ed74fd3a433f727799a56bbe4cc1bbc

Score
10/10
zloadermain01.04.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

01.04.2020

C2

https://postgringos.com/sound.php

https://tetraslims.com/sound.php

https://starterdatas.com/sound.php

https://nexycombats.com/sound.php

https://hibsurf.com/sound.php

https://buhismus.com/sound.php

https://spensores.com/sound.php

https://zonaa.org/sound.php

https://smoash.org/sound.php
Attributes
  • build_id

    31

rc4.plain

Targets

    • Target

      3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

    • Size

      1.1MB

    • MD5

      88cb1b3a2c58a40c6ecbd2897465337d

    • SHA1

      2e866fde78317929b59ed9cf63806116b38a0602

    • SHA256

      3707ad9488f65a2425dc524d7a496e4458410d31b576348487993272505018f5

    • SHA512

      08450aaefbe3cce898ac8c6dcb5b065b773fdd2b0f66a630711b85d5510f8553f8d19fa6e634d42a6508deb46c10162b2ed74fd3a433f727799a56bbe4cc1bbc

    Score
    10/10
    zloadermain01.04.2020botnetpersistencetrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks