General

  • Target

    f1bdd2bcbaf40bb99224fa293edc1581fd124da63c035657918877901d79bed8_unpacked

  • Size

    144KB

  • Sample

    221027-hcnvfsbce6

  • MD5

    eb8439d5ee379f19d25c2445d28e135a

  • SHA1

    5426510acb07efc464c47bbe0cc413489365a3d9

  • SHA256

    384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a

  • SHA512

    5bbda761ff6c0286d346dd0fda5df2abeeb6ffb81149d0537db969feb682658dc1e5a75bb1d09a13398b26fee4163ace7d35bbd69196628b3daef53c0efdc982

  • SSDEEP

    3072:c2kHDNNqo9hPNER+/2p1Ludye/w4FeNqEKJ7exog/Dt5eFSbvth90:cZHRNNbuc2HLxrgL7exx5ecv

Malware Config

Extracted

Family

zloader

Attributes
  • build_id

    49

Targets

    • Target

      f1bdd2bcbaf40bb99224fa293edc1581fd124da63c035657918877901d79bed8_unpacked

    • Size

      144KB

    • MD5

      eb8439d5ee379f19d25c2445d28e135a

    • SHA1

      5426510acb07efc464c47bbe0cc413489365a3d9

    • SHA256

      384f3719ba4fbcf355cc206e27f3bfca94e7bf14dd928de62ab5f74de90df34a

    • SHA512

      5bbda761ff6c0286d346dd0fda5df2abeeb6ffb81149d0537db969feb682658dc1e5a75bb1d09a13398b26fee4163ace7d35bbd69196628b3daef53c0efdc982

    • SSDEEP

      3072:c2kHDNNqo9hPNER+/2p1Ludye/w4FeNqEKJ7exog/Dt5eFSbvth90:cZHRNNbuc2HLxrgL7exx5ecv

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks