zloader | bd882e2eefd0145ff169d868c1815df272f84a5ad1e501cfa5c3336839774171 | Triage

Sharing

General

Target

bd882e2eefd0145ff169d868c1815df272f84a5ad1e501cfa5c3336839774171_unpacked
Size

119KB
Sample

221027-hcmmdsbce4
MD5

8af1f18ed86898a92c5e20d9d3abaf7a
SHA1

e789544575c2a0a74524ab50fc47d348af876093
SHA256

bd882e2eefd0145ff169d868c1815df272f84a5ad1e501cfa5c3336839774171
SHA512

ac12219195622d65790a63c405a32c0b9f38fe74e7492cb7894d934b84792e22c25ba3453cdcd7fc9e228190082b0e132bce167e0e6e4c10aeea804ac2a168c2
SSDEEP

3072:7LnLvYuSYOkboKxL35ouXgkfMVtViEoW:XLYuSYIKxDwLj

Score

10^/10

zloader botnet persistence trojan

Malware Config

Extracted

Family

zloader

Attributes

build_id
3238765

Targets

- Target
  
  bd882e2eefd0145ff169d868c1815df272f84a5ad1e501cfa5c3336839774171_unpacked
- Size
  
  119KB
- MD5
  
  8af1f18ed86898a92c5e20d9d3abaf7a
- SHA1
  
  e789544575c2a0a74524ab50fc47d348af876093
- SHA256
  
  bd882e2eefd0145ff169d868c1815df272f84a5ad1e501cfa5c3336839774171
- SHA512
  
  ac12219195622d65790a63c405a32c0b9f38fe74e7492cb7894d934b84792e22c25ba3453cdcd7fc9e228190082b0e132bce167e0e6e4c10aeea804ac2a168c2
- SSDEEP
  
  3072:7LnLvYuSYOkboKxL35ouXgkfMVtViEoW:XLYuSYIKxDwLj
Score

10^/10

zloader botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbotnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan