zloader | 1abe116b10d8e85ef225d498cfe63bcc438e2e01e736677063c1b44c0dcabeca | Triage

Submit
Reports

Overview

overview

Static

static

The Blackout.docx

windows10-1703-x64

Sharing

General

Target

The Blackout.docx
Size

290KB
Sample

230201-z7jbwsec2z
MD5

201153e622f00eef93b0b84985c5d99a
SHA1

22b84ff283d053d658abb69fc8d5967bbfd965f7
SHA256

1abe116b10d8e85ef225d498cfe63bcc438e2e01e736677063c1b44c0dcabeca
SHA512

6ca4cf3bd08b63d26ddbf81d54c6abcb6fcadd3a8560ce6a18e90e873b09d6f5dc6fea8a35853646936c20bb12caf15beaab79f07a6751a2704f7a94516dee3d
SSDEEP

6144:2nNkfRbZIbHGSkHdexpqUwmAfYYVTOU1Kb2/QDS6ah07Ms1mxD:2nARyNuUdwmAfYYVycK6/QhAsMl

Score

10^/10

zloader bootkit botnet microsoft discovery evasion persistence phishing trojan

Static task

static1

Behavioral task

behavioral1

Sample

The Blackout.docx

Resource

win10-20220901-en

zloader bootkit botnet microsoft discovery evasion persistence phishing trojan

windows10-1703-x64

33 signatures

1200 seconds

Malware Config

Targets

- Target
  
  The Blackout.docx
- Size
  
  290KB
- MD5
  
  201153e622f00eef93b0b84985c5d99a
- SHA1
  
  22b84ff283d053d658abb69fc8d5967bbfd965f7
- SHA256
  
  1abe116b10d8e85ef225d498cfe63bcc438e2e01e736677063c1b44c0dcabeca
- SHA512
  
  6ca4cf3bd08b63d26ddbf81d54c6abcb6fcadd3a8560ce6a18e90e873b09d6f5dc6fea8a35853646936c20bb12caf15beaab79f07a6751a2704f7a94516dee3d
- SSDEEP
  
  6144:2nNkfRbZIbHGSkHdexpqUwmAfYYVTOU1Kb2/QDS6ah07Ms1mxD:2nARyNuUdwmAfYYVycK6/QhAsMl
Score

10^/10

zloader bootkit botnet microsoft discovery evasion persistence phishing trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Detected potential entity reuse from brand microsoft.
  phishing microsoft
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloaderbootkitbotnetmicrosoftdiscoveryevasionpersistencephishingtrojan

© 2018-2025

Terms | Privacy