zloader | e57034ed17a79c4198e23e87bc0100cc3513238d6f9b1e0889522c63800f44ed

General

Target

e57034ed17a79c4198e23e87bc0100cc3513238d6f9b1e0889522c63800f44ed
Size

169KB
Sample

220511-cw8q3sded8
MD5

900db9b536bab558fef69814e4b9e527
SHA1

06ee45efd3d0276f79acec03dfd153ac75902a19
SHA256

e57034ed17a79c4198e23e87bc0100cc3513238d6f9b1e0889522c63800f44ed
SHA512

3d722dd1d901e3c5881f94e86c754f7af8fa37af2a867e2b1947a3caed106def13ac9d33cb1f70577558322b1b868621647c7199c286d1eaf0ed8be5a8ddbac2

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

CanadaLoads

Campaign

Nerino

C2

https://telsspelsa2.com/bFnF0y1r/7QKpXmV3Pz.php

https://redditmyways.com/bFnF0y1r/7QKpXmV3Pz.php

https://rrspmlsd1.com/bFnF0y1r/7QKpXmV3Pz.php

https://reservationsffrec.com/bFnF0y1r/7QKpXmV3Pz.php

https://tempmailsin112.com/bFnF0y1r/7QKpXmV3Pz.php

https://roadonroadonroad.com/bFnF0y1r/7QKpXmV3Pz.php

https://roadtocaliss.com/bFnF0y1r/7QKpXmV3Pz.php

https://referrer222.com/bFnF0y1r/7QKpXmV3Pz.php

https://makeitrainfordee.com/bFnF0y1r/7QKpXmV3Pz.php

https://makeitrainforffeer.com/bFnF0y1r/7QKpXmV3Pz.php

Attributes

build_id
64

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  e57034ed17a79c4198e23e87bc0100cc3513238d6f9b1e0889522c63800f44ed
- Size
  
  169KB
- MD5
  
  900db9b536bab558fef69814e4b9e527
- SHA1
  
  06ee45efd3d0276f79acec03dfd153ac75902a19
- SHA256
  
  e57034ed17a79c4198e23e87bc0100cc3513238d6f9b1e0889522c63800f44ed
- SHA512
  
  3d722dd1d901e3c5881f94e86c754f7af8fa37af2a867e2b1947a3caed106def13ac9d33cb1f70577558322b1b868621647c7199c286d1eaf0ed8be5a8ddbac2
Score

10^/10

zloader canadaloads nerino botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2