Overview

overview

10

Static

static

3

readme.exe

windows10-1703-x64

10

Resubmissions

24-05-2023 17:16

230524-vs7cysea9x 10

09-11-2020 20:02

201109-kefnpvgfd6 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    readme.exe

  • Size

    348KB

  • Sample

    230524-vs7cysea9x

  • MD5

    8c6810ccbf8b94ad18edabe648ffd504

  • SHA1

    9f3770c114956fb31d04ec3020fe4da03a8ac2d4

  • SHA256

    b8f848f137a23fe046b4701a67d07c8e7e1a8fdb066f318424caede7a1e69530

  • SHA512

    7bf15296bbdce5aee540b9a6738c65a3f54b773f6aa50b27a98ad8c33544ff60625f650c8bb90fa17a0c60e8b799a88536f5609b41a94784fcb283b810f0b7b9

  • SSDEEP

    6144:UMLeUFXXI8t9K/uN6qmhCaHA5DZNyI187cMsU5wgsbZv+:JesY8t9KQ6q9WAZNVOAzzr+

Score
10/10
zloadercanadaloadsspambotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

CanadaLoads

Campaign

Spam

C2

https://23d8s23hs89j239sj23.com/jbYm9bt/NlGkb4ivk.php

https://3reh8rd23js9.com/jbYm9bt/NlGkb4ivk.php

https://4f394j89d3j4d89j34d.com/jbYm9bt/NlGkb4ivk.php

https://d823hrd9239sdj2.com/jbYm9bt/NlGkb4ivk.php

https://js823hs23js.com/jbYm9bt/NlGkb4ivk.php

https://oidjweidj34rd3.com/jbYm9bt/NlGkb4ivk.php

https://qwd8s3j8s23h8s.com/jbYm9bt/NlGkb4ivk.php

https://s28hs823hs823js.com/jbYm9bt/NlGkb4ivk.php

https://wd23h8qsh8qhs823qs.com/jbYm9bt/NlGkb4ivk.php
Attributes
  • build_id

    34

rc4.plain

Targets

    • Target

      readme.exe

    • Size

      348KB

    • MD5

      8c6810ccbf8b94ad18edabe648ffd504

    • SHA1

      9f3770c114956fb31d04ec3020fe4da03a8ac2d4

    • SHA256

      b8f848f137a23fe046b4701a67d07c8e7e1a8fdb066f318424caede7a1e69530

    • SHA512

      7bf15296bbdce5aee540b9a6738c65a3f54b773f6aa50b27a98ad8c33544ff60625f650c8bb90fa17a0c60e8b799a88536f5609b41a94784fcb283b810f0b7b9

    • SSDEEP

      6144:UMLeUFXXI8t9K/uN6qmhCaHA5DZNyI187cMsU5wgsbZv+:JesY8t9KQ6q9WAZNVOAzzr+

    Score
    10/10
    zloadercanadaloadsspambotnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks