Overview

overview

10

Static

static

3

4d68507752...18.exe

windows7-x64

10

4d68507752...18.exe

windows10-2004-x64

Resubmissions

18-05-2024 14:39

240518-r1dttsgc3s 6

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4d68507752275a8607502b0ae14ef9a1_JaffaCakes118

  • Size

    268KB

  • Sample

    240516-2tpb4acf4v

  • MD5

    4d68507752275a8607502b0ae14ef9a1

  • SHA1

    4e13b8267ca39e41b9dbf88dc3123fed37e409c0

  • SHA256

    6fee95a3e283d9ad09a399e99b086ef70c3679eb8ad548161bdfababe3da68fb

  • SHA512

    bbebbd027af9e953141efecbfde31137735d58e54ff26966475570c7414ddc03ee53636011fad404d60c8df0031a79d5f2b858819ded59428ead93a5d9732849

  • SSDEEP

    6144:dI4M7nO35HbqtMFurLa8BqUlv8TqE4TvLOJ5tEpo6LlE7:aj6qsE8UVk4TotEpNLlE

Score
10/10
zloadersacaadw2botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

saca

Campaign

adw2

C2

https://thoughtlibrary.top/library/topikpost.php

https://islacangrejo.fun/library/topikpost.php
Attributes
  • build_id

    1970759022

rc4.plain

Targets

    • Target

      4d68507752275a8607502b0ae14ef9a1_JaffaCakes118

    • Size

      268KB

    • MD5

      4d68507752275a8607502b0ae14ef9a1

    • SHA1

      4e13b8267ca39e41b9dbf88dc3123fed37e409c0

    • SHA256

      6fee95a3e283d9ad09a399e99b086ef70c3679eb8ad548161bdfababe3da68fb

    • SHA512

      bbebbd027af9e953141efecbfde31137735d58e54ff26966475570c7414ddc03ee53636011fad404d60c8df0031a79d5f2b858819ded59428ead93a5d9732849

    • SSDEEP

      6144:dI4M7nO35HbqtMFurLa8BqUlv8TqE4TvLOJ5tEpo6LlE7:aj6qsE8UVk4TotEpNLlE

    Score
    10/10
    zloadersacaadw2botnetpersistencetrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks