General

  • Target

    f1bdd2bcbaf40bb99224fa293edc1581fd124da63c035657918877901d79bed8

  • Size

    338KB

  • Sample

    221027-hcnjpabchk

  • MD5

    62d565051f3cae6d6bc8971420bec819

  • SHA1

    b6c0f532108a3b392e9d8c1b0cfbf85cf8aa8fb3

  • SHA256

    f1bdd2bcbaf40bb99224fa293edc1581fd124da63c035657918877901d79bed8

  • SHA512

    c1401aeb4788ff39a501529ab3cd55223570404657be98c137326d76f7a23e5bf6dbb1faefd609519819c509ffcfd4d47f06c09afacad460485fbda9eb87d9ff

  • SSDEEP

    6144:d8ARSuigJ6mbVNjIECSQX3U0PflxxB7HDZnU7d:CARSacgjIV5Hl5jZMd

Malware Config

Extracted

  • Family

    zloader

  • Attributes

    • build_id

      49

Targets

    • Target

      f1bdd2bcbaf40bb99224fa293edc1581fd124da63c035657918877901d79bed8

    • Size

      338KB

    • MD5

      62d565051f3cae6d6bc8971420bec819

    • SHA1

      b6c0f532108a3b392e9d8c1b0cfbf85cf8aa8fb3

    • SHA256

      f1bdd2bcbaf40bb99224fa293edc1581fd124da63c035657918877901d79bed8

    • SHA512

      c1401aeb4788ff39a501529ab3cd55223570404657be98c137326d76f7a23e5bf6dbb1faefd609519819c509ffcfd4d47f06c09afacad460485fbda9eb87d9ff

    • SSDEEP

      6144:d8ARSuigJ6mbVNjIECSQX3U0PflxxB7HDZnU7d:CARSacgjIV5Hl5jZMd

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first discovered in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1
