zloader | becacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962 | Triage

Sharing

General

Target

HEURBackdoor.Win32.Dridex.vhobecacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962
Size

146KB
Sample

230507-k1svesfa2v
MD5

d93ca01a4515732a6a54df0a391c93e3
SHA1

ba31585616c3640a434c4c29193f0f89e8306485
SHA256

becacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962
SHA512

3e9c52c04cf37250e8d4e0e3a17cc27e17a1ff19c4935a788b77dafea28bd6ec0a514bdbe4073845c31559652c039f88f811b24020044c0b0e0c47f1cb9ac2e0
SSDEEP

3072:BHIbLRDJ1YGzRXczG9Nw5pwfhcMVd8v86jdbG42UO5LXrMUJKKMEj2Yi:BHcLRDz/czG9Mp2hcGd8vvjFG42PhMal

Score

10^/10

zloader -pit14 web7-pit14 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

-pit14

Campaign

web7-pit14

C2

https://45.72.3.132/web7643/gate.php

Attributes

build_id
929195383

rc4.plain

Targets

- Target
  
  HEURBackdoor.Win32.Dridex.vhobecacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962
- Size
  
  146KB
- MD5
  
  d93ca01a4515732a6a54df0a391c93e3
- SHA1
  
  ba31585616c3640a434c4c29193f0f89e8306485
- SHA256
  
  becacb52a50004d42538cfe82c8f527f1793727c5f679f46df7f96eade272962
- SHA512
  
  3e9c52c04cf37250e8d4e0e3a17cc27e17a1ff19c4935a788b77dafea28bd6ec0a514bdbe4073845c31559652c039f88f811b24020044c0b0e0c47f1cb9ac2e0
- SSDEEP
  
  3072:BHIbLRDJ1YGzRXczG9Nw5pwfhcMVd8v86jdbG42UO5LXrMUJKKMEj2Yi:BHcLRDz/czG9Mp2hcGd8vvjFG42PhMal
Score

10^/10

zloader -pit14 web7-pit14 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

-pit14web7-pit14zloader

behavioral1

zloader-pit14web7-pit14botnetpersistencetrojan

behavioral2

zloader-pit14web7-pit14botnetpersistencetrojan