Overview

overview

10

Static

static

8176f21fb8...74.exe

windows7_x64

10

8176f21fb8...74.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8176f21fb83482ae1e7a723fdc352697795f07d03c30ff68410203127369c974

  • Size

    1.0MB

  • Sample

    220524-2t3vgsagg9

  • MD5

    ea1c4f1656731c8e075fcc06557e71d1

  • SHA1

    81fc93fa20955013e7fcacdde22a9f204dc50459

  • SHA256

    8176f21fb83482ae1e7a723fdc352697795f07d03c30ff68410203127369c974

  • SHA512

    510f37a08724dbc701b1975cc497e503672d19fd4a73ad7668a5d83f001f13219cdc86d3f72bf8714f42ede6da753f5eea175455e732d382ae5ca4f565594d3a

Score
10/10
zloadernewnewbotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

new

Campaign

new

C2

https://sfturedfyr.xyz/int.php

Attributes
  • build_id

    42

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      8176f21fb83482ae1e7a723fdc352697795f07d03c30ff68410203127369c974

    • Size

      1.0MB

    • MD5

      ea1c4f1656731c8e075fcc06557e71d1

    • SHA1

      81fc93fa20955013e7fcacdde22a9f204dc50459

    • SHA256

      8176f21fb83482ae1e7a723fdc352697795f07d03c30ff68410203127369c974

    • SHA512

      510f37a08724dbc701b1975cc497e503672d19fd4a73ad7668a5d83f001f13219cdc86d3f72bf8714f42ede6da753f5eea175455e732d382ae5ca4f565594d3a

    Score
    10/10
    zloadernewnewbotnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks