zloader | adfc360f409f6d91f405ee2f523a65ef53f2fab23df62627ef610bc47ca9c4fa | Triage

Submit
Reports

Overview

overview

Static

static

TeraBox_1.12.5.8.exe

windows7-x64

TeraBox_1.12.5.8.exe

windows10-2004-x64

7

Sharing

General

Target

TeraBox_1.12.5.8.exe
Size

79.6MB
Sample

221230-f5412aac7y
MD5

307ecfb9554db41fd38711f3896275e9
SHA1

562f88a68415dcff6ed771bce542071cf745e6d6
SHA256

adfc360f409f6d91f405ee2f523a65ef53f2fab23df62627ef610bc47ca9c4fa
SHA512

d5570a69103522bb2e541173a1c8ff43737d353dc76ba9ac896b6f55fc112976a8cbf7797c6924aec161b150e616d2c69df3de472664dd48e426a7d96a9cf20b
SSDEEP

1572864:oJrltsdCBfCio2l2y+g3xkGcsQ492KW9tyTzIUjaOA1S1o23q2+XmFg:ylqmfYOrxVce92KCKIUj5bk2g

Score

10^/10

zloader botnet discovery persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

TeraBox_1.12.5.8.exe

Resource

win7-20221111-es

zloader botnet discovery persistence trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

TeraBox_1.12.5.8.exe

Resource

win10v2004-20220812-es

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  TeraBox_1.12.5.8.exe
- Size
  
  79.6MB
- MD5
  
  307ecfb9554db41fd38711f3896275e9
- SHA1
  
  562f88a68415dcff6ed771bce542071cf745e6d6
- SHA256
  
  adfc360f409f6d91f405ee2f523a65ef53f2fab23df62627ef610bc47ca9c4fa
- SHA512
  
  d5570a69103522bb2e541173a1c8ff43737d353dc76ba9ac896b6f55fc112976a8cbf7797c6924aec161b150e616d2c69df3de472664dd48e426a7d96a9cf20b
- SSDEEP
  
  1572864:oJrltsdCBfCio2l2y+g3xkGcsQ492KW9tyTzIUjaOA1S1o23q2+XmFg:ylqmfYOrxVce92KCKIUj5bk2g
Score

10^/10

zloader botnet discovery persistence trojan
- Modifies system executable filetype association
  persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Executes dropped EXE
- Registers COM server for autorun
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbotnetdiscoverypersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy