zloader | 023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82 | Triage

Resubmissions

15-11-2023 11:10

231115-m96hzsgb22 10

02-05-2022 23:45

220502-3rtpgaeghq 10

Sharing

General

Target

023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82
Size

2.6MB
Sample

220502-3rtpgaeghq
MD5

fb95561e8ed7289d015e945ad470e6db
SHA1

03573bc869701cffd7c96e223633d46b0a23823a
SHA256

023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82
SHA512

2a0bf4048c1a9eca9e13566b1512403b51462c8eb71cfb273225fbc221aa156a3d3eb571fa5328ff2f4e2ef7026b3e8847f0c0a739d8f989ba716efa411821a6

Score

10^/10

zloader pref fpref botnet cryptone packer persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

pref

Campaign

fpref

C2

http://penaz.info/gate.php

http:// advokat-hodonin.info/gate.php

Attributes

build_id
7

rc4.plain

Targets

- Target
  
  023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82
- Size
  
  2.6MB
- MD5
  
  fb95561e8ed7289d015e945ad470e6db
- SHA1
  
  03573bc869701cffd7c96e223633d46b0a23823a
- SHA256
  
  023f1ef0cc2c1e055b05ae1ff5bcc6bf2421003dea227aeb6d70c8a525fa3b82
- SHA512
  
  2a0bf4048c1a9eca9e13566b1512403b51462c8eb71cfb273225fbc221aa156a3d3eb571fa5328ff2f4e2ef7026b3e8847f0c0a739d8f989ba716efa411821a6
Score

10^/10

zloader pref fpref botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderpreffprefbotnetpersistencetrojan

behavioral2

zloaderpreffprefbotnetpersistencetrojan