zloader | 0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5 | Triage

Resubmissions

10-08-2023 16:28

230810-tyxv2afa37 10

04-10-2021 11:41

211004-ntvbfsgceq 10

Sharing

General

Target

0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
Size

146KB
Sample

230810-tyxv2afa37
MD5

b42aa0c217dfeb5a86f140afa512a2c1
SHA1

575ebd278b6104dd2cc9f3871ada6cfd61c3a8f7
SHA256

0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
SHA512

14e0681a733aa812303c241aa38d13d33b1f9817d8bef6ad0c9b6a423ae433633772021244c17bac278468fca508a76dfd9c64993d89df69b6317f2be21707a6
SSDEEP

3072:BHIbLRDJ1YGzRXczG9Nw5pwfhcMVd8v86jdbG42UO5LXrMUJKKMEK62Yi:BHcLRDz/czG9Mp2hcGd8vvjFG42PhMzi

Score

10^/10

zloader -dan web7-dan botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

-dan

Campaign

web7-dan

C2

https://45.72.3.132/web7643/gate.php

Attributes

build_id
929195383

rc4.plain

Targets

- Target
  
  0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
- Size
  
  146KB
- MD5
  
  b42aa0c217dfeb5a86f140afa512a2c1
- SHA1
  
  575ebd278b6104dd2cc9f3871ada6cfd61c3a8f7
- SHA256
  
  0c1b74345e0300233db0396f78ca121e7589deda31b7bc455baa476274e3f2e5
- SHA512
  
  14e0681a733aa812303c241aa38d13d33b1f9817d8bef6ad0c9b6a423ae433633772021244c17bac278468fca508a76dfd9c64993d89df69b6317f2be21707a6
- SSDEEP
  
  3072:BHIbLRDJ1YGzRXczG9Nw5pwfhcMVd8v86jdbG42UO5LXrMUJKKMEK62Yi:BHcLRDz/czG9Mp2hcGd8vvjFG42PhMzi
Score

10^/10

zloader -dan web7-dan botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

-danweb7-danzloader

behavioral1

zloader-danweb7-danbotnetpersistencetrojan