zloader | 31cf42b2a7c5c558f44cfc67684cc344c17d4946d3a1e0b2cecb8eb58173cb2f

General

Target

invest_20.dll
Size

453KB
Sample

221012-x6rwjahce7
MD5

c9affd7934e4d9b4dec4c40b2a71a381
SHA1

aac940f9906034938cd657ed2ba21bc675e6ae20
SHA256

31cf42b2a7c5c558f44cfc67684cc344c17d4946d3a1e0b2cecb8eb58173cb2f
SHA512

82d18e7815ed38c07ca0b6ec82cb2e30451d0e02a9cd761e1d55d6f05955fac3df303d96bac89dea6dfa3b90def945ca413ae9854dd7b24fbcc18e6c6040f18a
SSDEEP

6144:JWm73CWN0OejuX3VR4YCrqGro3O32YHFhIaA1fjYDr1qhHkmviFJf0:JKGK6Vtiq0UOdFhqLYwP2Jf0

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

goldhub

Campaign

01.04.20

C2

https://105711.com/docs.php

https://209711.com/process.php

https://106311.com/comegetsome.php

https://124331.com/success.php

Attributes

build_id
42

rc4.plain

Targets

- Target
  
  invest_20.dll
- Size
  
  453KB
- MD5
  
  c9affd7934e4d9b4dec4c40b2a71a381
- SHA1
  
  aac940f9906034938cd657ed2ba21bc675e6ae20
- SHA256
  
  31cf42b2a7c5c558f44cfc67684cc344c17d4946d3a1e0b2cecb8eb58173cb2f
- SHA512
  
  82d18e7815ed38c07ca0b6ec82cb2e30451d0e02a9cd761e1d55d6f05955fac3df303d96bac89dea6dfa3b90def945ca413ae9854dd7b24fbcc18e6c6040f18a
- SSDEEP
  
  6144:JWm73CWN0OejuX3VR4YCrqGro3O32YHFhIaA1fjYDr1qhHkmviFJf0:JKGK6Vtiq0UOdFhqLYwP2Jf0
Score

10^/10

zloader goldhub 01.04.20 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2