zloader | 9907da0d3f0e6f9a460feef4d17ce8c241a415f10db005bb6339914a88838b5d

General

Target

9907da0d3f0e6f9a460feef4d17ce8c241a415f10db005bb6339914a88838b5d
Size

165KB
Sample

221027-hclp4abcgm
MD5

11346a6580159a53b49afde7b06409d3
SHA1

52352bc254b2c5a9c9343b42ecff2333696b2462
SHA256

9907da0d3f0e6f9a460feef4d17ce8c241a415f10db005bb6339914a88838b5d
SHA512

826094d548dd38d6c24332bd9e5103a862e59003e1ce319ab2165282e80f45745044ecc7df69e0d311b04114f17d6bc3b289723904f67e9078e645c6d0f52f3d
SSDEEP

3072:D35JbHcU122oCZaBrEvqxHFIPwS0CZFQYAqcisjkvTbV0jECnjol:D/bHtboiwEcGPwS02FBA3Z2bmjrnjol

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

DLLobnova

Campaign

2020

C2

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

https://dsdjfhdsufudhjas.info/gate.php

https://fdsjfjdsfjdsdsjajjs.info/gate.php

https://idisaudhasdhasdj.info/gate.php

Attributes

build_id
68

rc4.plain

Targets

- Target
  
  9907da0d3f0e6f9a460feef4d17ce8c241a415f10db005bb6339914a88838b5d
- Size
  
  165KB
- MD5
  
  11346a6580159a53b49afde7b06409d3
- SHA1
  
  52352bc254b2c5a9c9343b42ecff2333696b2462
- SHA256
  
  9907da0d3f0e6f9a460feef4d17ce8c241a415f10db005bb6339914a88838b5d
- SHA512
  
  826094d548dd38d6c24332bd9e5103a862e59003e1ce319ab2165282e80f45745044ecc7df69e0d311b04114f17d6bc3b289723904f67e9078e645c6d0f52f3d
- SSDEEP
  
  3072:D35JbHcU122oCZaBrEvqxHFIPwS0CZFQYAqcisjkvTbV0jECnjol:D/bHtboiwEcGPwS02FBA3Z2bmjrnjol
Score

10^/10

zloader dllobnova 2020 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2