zloader | f63e761cf5dfe53b09554fb2baf02ad9445ee3a46b3bf53769587690f98961f1 | Triage

Submit
Reports

Overview

overview

Static

static

CricutDesi...17.exe

windows10-1703-x64

CricutDesi...17.exe

windows10-2004-x64

Sharing

General

Target

CricutDesignSpace-Install-v7.16.117.exe
Size

137.0MB
Sample

220909-xtgj2acfgj
MD5

bdb6d16a9208604994a4c135d333c2a2
SHA1

d5e1622253bdae269949e72d23d7011b7fef0b18
SHA256

f63e761cf5dfe53b09554fb2baf02ad9445ee3a46b3bf53769587690f98961f1
SHA512

98bb2b69521c939dccda54ddbe0bf35fec208079d99b1282b81c9947133d26d78f4dc0b0a732d6be01b5b99c7d0719c182b8be9fc1bcda2c21602e65fcbf0b22
SSDEEP

3145728:BgIsyUzwC0o9MAY65RWsTrEbR2XZql0nPOk5Ix2LBDSG:CIlwwCHM65rreR2pI0POkQCg

Score

10^/10

zloader botnet discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

CricutDesignSpace-Install-v7.16.117.exe

Resource

win10-20220812-en

zloader botnet discovery trojan

windows10-1703-x64

12 signatures

300 seconds

Behavioral task

behavioral2

Sample

CricutDesignSpace-Install-v7.16.117.exe

Resource

win10v2004-20220901-en

zloader botnet discovery trojan

windows10-2004-x64

12 signatures

300 seconds

Malware Config

Targets

- Target
  
  CricutDesignSpace-Install-v7.16.117.exe
- Size
  
  137.0MB
- MD5
  
  bdb6d16a9208604994a4c135d333c2a2
- SHA1
  
  d5e1622253bdae269949e72d23d7011b7fef0b18
- SHA256
  
  f63e761cf5dfe53b09554fb2baf02ad9445ee3a46b3bf53769587690f98961f1
- SHA512
  
  98bb2b69521c939dccda54ddbe0bf35fec208079d99b1282b81c9947133d26d78f4dc0b0a732d6be01b5b99c7d0719c182b8be9fc1bcda2c21602e65fcbf0b22
- SSDEEP
  
  3145728:BgIsyUzwC0o9MAY65RWsTrEbR2XZql0nPOk5Ix2LBDSG:CIlwwCHM65rreR2pI0POkQCg
Score

10^/10

zloader botnet discovery trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloaderbotnetdiscoverytrojan

behavioral2

zloaderbotnetdiscoverytrojan

© 2018-2024

Terms | Privacy