zloader | 2e75df86b234cf57117527871aeea4c68ae2d2714dae6ed53d9d44de5c14a3f9 | Triage

Sharing

General

Target

563714af559451bf673fd7c96560e7c3_JaffaCakes118
Size

367KB
Sample

240718-fjq72swcll
MD5

563714af559451bf673fd7c96560e7c3
SHA1

40d9f4e923e958872c29b35865fcd6733c78d7a6
SHA256

2e75df86b234cf57117527871aeea4c68ae2d2714dae6ed53d9d44de5c14a3f9
SHA512

e89a00756361889827bad0b739d4a5d49e8afb50186a463101ee64afcf3f5bd67f5ebad5883daf5e58dcdefdfd98a596115b484c9ac93bed44bfec481bae4e0d
SSDEEP

6144:OdPKAngEB2GU6cIsSyvKKc2rFpR23mR0pAIW6aXQAr3xYvBS:OZng6HxyvNYmSmn6wQAr

Score

10^/10

zloader googleaktualizacija googleaktualizacija2 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

googleaktualizacija

Campaign

googleaktualizacija2

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes

build_id
156

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  563714af559451bf673fd7c96560e7c3_JaffaCakes118
- Size
  
  367KB
- MD5
  
  563714af559451bf673fd7c96560e7c3
- SHA1
  
  40d9f4e923e958872c29b35865fcd6733c78d7a6
- SHA256
  
  2e75df86b234cf57117527871aeea4c68ae2d2714dae6ed53d9d44de5c14a3f9
- SHA512
  
  e89a00756361889827bad0b739d4a5d49e8afb50186a463101ee64afcf3f5bd67f5ebad5883daf5e58dcdefdfd98a596115b484c9ac93bed44bfec481bae4e0d
- SSDEEP
  
  6144:OdPKAngEB2GU6cIsSyvKKc2rFpR23mR0pAIW6aXQAr3xYvBS:OZng6HxyvNYmSmn6wQAr
Score

10^/10

zloader googleaktualizacija googleaktualizacija2 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadergoogleaktualizacijagoogleaktualizacija2botnetpersistencetrojan

behavioral2

zloadergoogleaktualizacijagoogleaktualizacija2botnettrojan