Extracted

• • Target

    1724328616838.html

  • Size

    6KB

  • MD5

    7cec8f7f684cb7a8dadecbfbd0e34177

  • SHA1

    d2e184572cb6504a2cd71a4c74a8063b45c56b77

  • SHA256

    5d554ed83ed475b1537cb7785a1c9139ad2e61ac2c6c8484472d01c2a039595d

  • SHA512

    1efd2c0cef5bce06f600d70e1068a274306e6b2af4dbc16ab791cff3ca9e7b4c2003e269487000b473efbb65a587a213cb7f80acbfa47efc7f73c20a72bb9729

  • SSDEEP

    96:LYyj2Ts4lnMO1KZgupQmjif+fA17UAVIH2tDrJzal4/vhLTdutp4iS56XNrx:Gs4BM/Bp6T1TVmerWiZT8ptSS

  Score

  10^/10

  netsupportzloaderbotnetpersistencerattrojan

  • NetSupport

    NetSupport is a remote access tool sold as a legitimate system administration software.

    ratnetsupport

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Blocklisted process makes network request

  • Executes dropped EXE

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Adds Run key to start application

    persistence
  behavioral1