General

  • Target

    4204cc08265199def9a90a8401139adf

  • Size

    316KB

  • Sample

    240104-1y4rxaddb3

  • MD5

    4204cc08265199def9a90a8401139adf

  • SHA1

    ba1a47f6131106145030c09620388d4f9e188de8

  • SHA256

    e7a8396f875706bb367572480a2fe01be5a70163659fa9478e72779d553bae99

  • SHA512

    4f354b4b021ba9ea364b61c55df59bfdef4bdf7e1072b29572478eab3f7ad0fc3ab6d24f4ea498da2fe6db9d362ce3632057a328caba66eded55f828d0297dcc

  • SSDEEP

    6144:VO7Ec2ccPvATdPsM2JSzwMxZS6VWxtoloBj5rbx:Q7vLGoZPs6NxZnVJ6Bj5rbx

Malware Config

Extracted

Family

zloader

Attributes
  • build_id

    808400176

Targets

    • Target

      4204cc08265199def9a90a8401139adf

    • Size

      316KB

    • MD5

      4204cc08265199def9a90a8401139adf

    • SHA1

      ba1a47f6131106145030c09620388d4f9e188de8

    • SHA256

      e7a8396f875706bb367572480a2fe01be5a70163659fa9478e72779d553bae99

    • SHA512

      4f354b4b021ba9ea364b61c55df59bfdef4bdf7e1072b29572478eab3f7ad0fc3ab6d24f4ea498da2fe6db9d362ce3632057a328caba66eded55f828d0297dcc

    • SSDEEP

      6144:VO7Ec2ccPvATdPsM2JSzwMxZS6VWxtoloBj5rbx:Q7vLGoZPs6NxZnVJ6Bj5rbx

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run key to start application

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks