zloader | cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9 | Triage

Resubmissions

26-12-2022 13:28

221226-qqr32agb8w 10

27-10-2022 06:35

221027-hcmx6abcgr 10

Sharing

General

Target

cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9
Size

139KB
Sample

221027-hcmx6abcgr
MD5

d91b498e5fc6c91e1e86b339407b58f7
SHA1

369e3c4646a69b99a797e0e288fd3145e2a6f35a
SHA256

cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9
SHA512

b981f7c4857327708233bf7e44bfb485c1cc7148ca850a63b12f854215edb583f5a499109d67b94f213226d23d0f4e0e5d04b888193fa5e799e30f051e9c9dbd
SSDEEP

3072:XBkH2At/3YyzX2OpphkGYI+C9AwcOZBJ7zk:n6/IAFkCDc+BJ7w

Score

10^/10

zloader vlenie10 obnova10 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

vlenie10

Campaign

obnova10

C2

https://kdsidsiadsakfsas.com/gate.php

https://jdafiasfjsafahhfs.com/gate.php

https://dasifosafjasfhasf.com/gate.php

https://kasfajfsafhasfhaf.com/gate.php

https://fdsjfjdsfjdsjfdjsfh.com/gate.php

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php

Attributes

build_id
1869505135

rc4.plain

Targets

- Target
  
  cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9
- Size
  
  139KB
- MD5
  
  d91b498e5fc6c91e1e86b339407b58f7
- SHA1
  
  369e3c4646a69b99a797e0e288fd3145e2a6f35a
- SHA256
  
  cad0968f5ab3bedeffef68bbe18f92946fb97967cef59970157029480ed15bb9
- SHA512
  
  b981f7c4857327708233bf7e44bfb485c1cc7148ca850a63b12f854215edb583f5a499109d67b94f213226d23d0f4e0e5d04b888193fa5e799e30f051e9c9dbd
- SSDEEP
  
  3072:XBkH2At/3YyzX2OpphkGYI+C9AwcOZBJ7zk:n6/IAFkCDc+BJ7w
Score

10^/10

zloader vlenie10 obnova10 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadervlenie10obnova10botnetpersistencetrojan

behavioral2

zloadervlenie10obnova10botnetpersistencetrojan