zloader | 4e806655a046a4f7043695160abe442ef01047fa0afd3544d866398b415e8ffc | Triage

Resubmissions

14-09-2022 02:49

220914-da8pmachel 10

Sharing

General

Target

insloc 4.6.0.exe
Size

57.2MB
Sample

220914-da8pmachel
MD5

baa9d0c345bf202e3c4c30bc827181f8
SHA1

464c2d581374ea2def254de3ed713f1a2442abae
SHA256

4e806655a046a4f7043695160abe442ef01047fa0afd3544d866398b415e8ffc
SHA512

2a48b27b7e94625c43982e58a47662e6242bb378c5f1fa8237fd319dd6dd694a833a9014a44556e83fd43273389bdae8e51c00a846e6bf64e7539faa61bb7e34
SSDEEP

1572864:flY02511ZrEJYhf8ZXJ/sb1BD26H8zvI9AqeHXyn7:dnY115EJYhUQb1BD3czv3rXyn7

Score

10^/10

zloader botnet trojan

Malware Config

Targets

- Target
  
  insloc 4.6.0.exe
- Size
  
  57.2MB
- MD5
  
  baa9d0c345bf202e3c4c30bc827181f8
- SHA1
  
  464c2d581374ea2def254de3ed713f1a2442abae
- SHA256
  
  4e806655a046a4f7043695160abe442ef01047fa0afd3544d866398b415e8ffc
- SHA512
  
  2a48b27b7e94625c43982e58a47662e6242bb378c5f1fa8237fd319dd6dd694a833a9014a44556e83fd43273389bdae8e51c00a846e6bf64e7539faa61bb7e34
- SSDEEP
  
  1572864:flY02511ZrEJYhf8ZXJ/sb1BD26H8zvI9AqeHXyn7:dnY115EJYhUQb1BD3czv3rXyn7
Score

10^/10

zloader botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloaderbotnettrojan

behavioral2

zloaderbotnettrojan