General

  • Target

    0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1

  • Size

    422KB

  • Sample

    221027-hchnfabcd2

  • MD5

    f55920966b4970588ce643af0fcc03a7

  • SHA1

    97c44c58f24358442cb1811a7694e5b395e82d61

  • SHA256

    0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1

  • SHA512

    b5e6f91e65eacd6c1ad5f563f0d9184fd21fb88848008c7ea568d7c40c63fcbf217eeee2830a521313a3152e538821a469630fe951e760405972afae8516023e

  • SSDEEP

    12288:yClc4hq+Ytl63+YzGKBTpJHtvgqYe7S9S:Tlc4kBl6OabpFtGgS0

Malware Config

Extracted

Family

zloader

Attributes
  • build_id

    49

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first discovered in August 2015.

    • Blocklisted process makes network request

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1
