zloader | e7a8396f875706bb367572480a2fe01be5a70163659fa9478e72779d553bae99 | Triage

Sharing

General

Target

4204cc08265199def9a90a8401139adf
Size

316KB
Sample

231225-22atnsfda8
MD5

4204cc08265199def9a90a8401139adf
SHA1

ba1a47f6131106145030c09620388d4f9e188de8
SHA256

e7a8396f875706bb367572480a2fe01be5a70163659fa9478e72779d553bae99
SHA512

4f354b4b021ba9ea364b61c55df59bfdef4bdf7e1072b29572478eab3f7ad0fc3ab6d24f4ea498da2fe6db9d362ce3632057a328caba66eded55f828d0297dcc
SSDEEP

6144:VO7Ec2ccPvATdPsM2JSzwMxZS6VWxtoloBj5rbx:Q7vLGoZPs6NxZnVJ6Bj5rbx

Score

10^/10

zloader botnet cryptone packer persistence trojan

Malware Config

Extracted

Family

zloader

Attributes

build_id
808400176

Targets

- Target
  
  4204cc08265199def9a90a8401139adf
- Size
  
  316KB
- MD5
  
  4204cc08265199def9a90a8401139adf
- SHA1
  
  ba1a47f6131106145030c09620388d4f9e188de8
- SHA256
  
  e7a8396f875706bb367572480a2fe01be5a70163659fa9478e72779d553bae99
- SHA512
  
  4f354b4b021ba9ea364b61c55df59bfdef4bdf7e1072b29572478eab3f7ad0fc3ab6d24f4ea498da2fe6db9d362ce3632057a328caba66eded55f828d0297dcc
- SSDEEP
  
  6144:VO7Ec2ccPvATdPsM2JSzwMxZS6VWxtoloBj5rbx:Q7vLGoZPs6NxZnVJ6Bj5rbx
Score

10^/10

zloader botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

zloaderbotnetpersistencetrojan