Overview

overview

10

Static

static

acc5fe0088...fd.dll

windows7_x64

10

acc5fe0088...fd.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acc5fe0088037ddc055f9286380c56583effa1186afe9d08caea3e197b2643fd

  • Size

    764KB

  • Sample

    220419-c1vp1sbgb5

  • MD5

    ebc6187124521528375d17372a16ae94

  • SHA1

    1aee7da350e939d1686cd52c258f05270e63f990

  • SHA256

    acc5fe0088037ddc055f9286380c56583effa1186afe9d08caea3e197b2643fd

  • SHA512

    6e8f3dbc3a3121c00b6574558be8acc3331e7a8b7ca6aa2ae354d9d6ae62a69ffc3541f40b16cd0fb5364dd9f4ec430639a1ffaec987fa2d4dfd0850930f56f5

Score
10/10
zloader17/03botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

17/03

C2

https://dhteijwrb.host/milagrecf.php

https://aquolepp.pw/milagrecf.php
Attributes
  • build_id

    92

rc4.plain

Targets

    • Target

      acc5fe0088037ddc055f9286380c56583effa1186afe9d08caea3e197b2643fd

    • Size

      764KB

    • MD5

      ebc6187124521528375d17372a16ae94

    • SHA1

      1aee7da350e939d1686cd52c258f05270e63f990

    • SHA256

      acc5fe0088037ddc055f9286380c56583effa1186afe9d08caea3e197b2643fd

    • SHA512

      6e8f3dbc3a3121c00b6574558be8acc3331e7a8b7ca6aa2ae354d9d6ae62a69ffc3541f40b16cd0fb5364dd9f4ec430639a1ffaec987fa2d4dfd0850930f56f5

    Score
    10/10
    zloader17/03botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks