Overview

overview

10

Static

static

1

IMG_202406...60.jpg

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    IMG_20240601_113544_360.jpg

  • Size

    49KB

  • Sample

    240601-g4h8lsce6t

  • MD5

    03082e28b57497d2d9185ff2b106be53

  • SHA1

    f7a2621756233a7bfb4fa88712393cc00ed8e774

  • SHA256

    a412f64e9ebb9960a107acd9475acf3448b68d4a9b8e05ec15810d7e5d07ef2f

  • SHA512

    8dec39aff480b0353c2986ef10ea4fd2ed8096c89279b3280bf0b6d7eb8923f0158f400bc13008889c378ae76f42058850f1009fbcef4b1631cf3a0cf683c008

  • SSDEEP

    768:U1C3uQxCw2QTINgNMkLk1sWsHseNCTggxR1rgQGorsQAU63U6FZVfMx:UweGDTINgNMkLk1sW6se0/OdQQZ5Mx

Score
10/10
zloaderbotnetdiscoverypersistencetrojanupx

Malware Config

Targets

    • Target

      IMG_20240601_113544_360.jpg

    • Size

      49KB

    • MD5

      03082e28b57497d2d9185ff2b106be53

    • SHA1

      f7a2621756233a7bfb4fa88712393cc00ed8e774

    • SHA256

      a412f64e9ebb9960a107acd9475acf3448b68d4a9b8e05ec15810d7e5d07ef2f

    • SHA512

      8dec39aff480b0353c2986ef10ea4fd2ed8096c89279b3280bf0b6d7eb8923f0158f400bc13008889c378ae76f42058850f1009fbcef4b1631cf3a0cf683c008

    • SSDEEP

      768:U1C3uQxCw2QTINgNMkLk1sWsHseNCTggxR1rgQGorsQAU63U6FZVfMx:UweGDTINgNMkLk1sW6se0/OdQQZ5Mx

    Score
    10/10
    zloaderbotnetdiscoverypersistencetrojanupx

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops Chrome extension

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks