Overview

overview

10

Static

static

14d333f681...2d.vbs

windows7_x64

10

14d333f681...2d.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

  • Size

    1.5MB

  • Sample

    220205-xptc2aedh9

  • MD5

    0d59d38d2ec5c6aa8b14e1ab7e7f0c5c

  • SHA1

    a587242db9200982a8a9d8308ce4c020020c6264

  • SHA256

    14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

  • SHA512

    c5f3247cd102d290df14860a73b2c1ffd666b9bb89a0afc35b54d004ef6e87b9455c48b46ed8a9c494293b1362156934afd27a543fd76b95dca97d99df0e6c54

Score
10/10
zloadermain19.04.2020botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

19.04.2020

C2

https://spardanos.com/sound.php

https://lonehee.com/sound.php

https://surgued.com/sound.php

https://tremood.com/sound.php

https://soceneo.com/sound.php

https://baatiot.com/sound.php

https://welefus.com/sound.php

https://maremeo.com/sound.php
Attributes
  • build_id

    39

rc4.plain

Targets

    • Target

      14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

    • Size

      1.5MB

    • MD5

      0d59d38d2ec5c6aa8b14e1ab7e7f0c5c

    • SHA1

      a587242db9200982a8a9d8308ce4c020020c6264

    • SHA256

      14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d

    • SHA512

      c5f3247cd102d290df14860a73b2c1ffd666b9bb89a0afc35b54d004ef6e87b9455c48b46ed8a9c494293b1362156934afd27a543fd76b95dca97d99df0e6c54

    Score
    10/10
    zloadermain19.04.2020botnetpersistencetrojan

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks