Overview

overview

10

Static

static

084b111848...d2.exe

windows7_x64

1

084b111848...d2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2

  • Size

    6.3MB

  • Sample

    220530-2bhrlahcgj

  • MD5

    91944610aa2f3b1f939739be42a99a3f

  • SHA1

    f712fca98067978b136329ff9662b3b02460ee6c

  • SHA256

    084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2

  • SHA512

    81b5a435438a745d5526e0abd2fe3d33fce99590ed42ce911c34f4d3bfa574c1412b5e9142c7e26bef4031224279570fadb9530be2021a8c756b8397a1b2e716

Score
10/10
zloaderbotnetcryptonepackertrojan

Malware Config

Targets

    • Target

      084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2

    • Size

      6.3MB

    • MD5

      91944610aa2f3b1f939739be42a99a3f

    • SHA1

      f712fca98067978b136329ff9662b3b02460ee6c

    • SHA256

      084b111848222e38cc818da3e74fb8af7e5e5a60fa894ac4cf634f7f40b2bcd2

    • SHA512

      81b5a435438a745d5526e0abd2fe3d33fce99590ed42ce911c34f4d3bfa574c1412b5e9142c7e26bef4031224279570fadb9530be2021a8c756b8397a1b2e716

    Score
    10/10
    zloaderbotnetcryptonepackertrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks