zloader | d010b0b5bff25d4cc9b65d8f24e4ae5b596804d4c60c506e993d312323a881bb | Triage

Sharing

General

Target

0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1_unpacked
Size

156KB
Sample

221027-hchy7sbcd4
MD5

d9260a4b6dbbd14005070ea871f4cfd2
SHA1

456ce2295431e297036bf9f185b6a80d1866f849
SHA256

d010b0b5bff25d4cc9b65d8f24e4ae5b596804d4c60c506e993d312323a881bb
SHA512

43ba2387df4cae14d3b696d9ac23977e32eadd30dff24b862fc9dcc33d9b73bdfba40d6363b8906627454cbc76635720c64b35d7bbeecf27ba71673c62957fbe
SSDEEP

3072:EcuwpCTxFeqTqLtg2l3z1TR9lPl4Bq89CP9qCL3qZnd2+gvcYwl6:tuwpCTxFIljz9lPCBq8jaL

Score

10^/10

zloader botnet persistence trojan

Malware Config

Extracted

Family

zloader

Attributes

build_id
49

Targets

- Target
  
  0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1_unpacked
- Size
  
  156KB
- MD5
  
  d9260a4b6dbbd14005070ea871f4cfd2
- SHA1
  
  456ce2295431e297036bf9f185b6a80d1866f849
- SHA256
  
  d010b0b5bff25d4cc9b65d8f24e4ae5b596804d4c60c506e993d312323a881bb
- SHA512
  
  43ba2387df4cae14d3b696d9ac23977e32eadd30dff24b862fc9dcc33d9b73bdfba40d6363b8906627454cbc76635720c64b35d7bbeecf27ba71673c62957fbe
- SSDEEP
  
  3072:EcuwpCTxFeqTqLtg2l3z1TR9lPl4Bq89CP9qCL3qZnd2+gvcYwl6:tuwpCTxFIljz9lPCBq8jaL
Score

10^/10

zloader botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloaderbotnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan