zloader | 0259709a424c0ce720adad9f86158bbb8d5b60c155db6a83f0797fca6feafbba

General

Target

4ae812bebf1c3aadd87e6b813cf8fb04_JaffaCakes118
Size

319KB
Sample

240729-rehkws1gqp
MD5

4ae812bebf1c3aadd87e6b813cf8fb04
SHA1

791b293fdbc59b55939cc17d7b61a86785b17ac6
SHA256

0259709a424c0ce720adad9f86158bbb8d5b60c155db6a83f0797fca6feafbba
SHA512

f48e924dbd711219a5033758d9be6fa4b3bb671088bdee4c2d856d02578a31ea762c74dffd0a86cad827c2c4ac2939caa67e780340bd264b7a6df7dd85751b1d
SSDEEP

3072:Lf1BDZ0kVB67Duw9AMcMUdJKmDbjUpgp7iPxvqKt0VWUJEUnjI+XkeKNud2W46vs:L9X0GrLIpW0vq7AUrI+XEY2IFKp9

Score

10^/10

zloader sg sg botnet discovery trojan

Malware Config

Extracted

Family

zloader

Botnet

SG

Campaign

SG

C2

https://freebreez.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://makaronz.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://ricklick.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://litlblockblack.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://vaktorianpackif.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://hbamefphmqsdgkqojgwe.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://hoxfqvlgoabyfspvjimc.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://yrsfuaegsevyffrfsgpj.com/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
99

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  4ae812bebf1c3aadd87e6b813cf8fb04_JaffaCakes118
- Size
  
  319KB
- MD5
  
  4ae812bebf1c3aadd87e6b813cf8fb04
- SHA1
  
  791b293fdbc59b55939cc17d7b61a86785b17ac6
- SHA256
  
  0259709a424c0ce720adad9f86158bbb8d5b60c155db6a83f0797fca6feafbba
- SHA512
  
  f48e924dbd711219a5033758d9be6fa4b3bb671088bdee4c2d856d02578a31ea762c74dffd0a86cad827c2c4ac2939caa67e780340bd264b7a6df7dd85751b1d
- SSDEEP
  
  3072:Lf1BDZ0kVB67Duw9AMcMUdJKmDbjUpgp7iPxvqKt0VWUJEUnjI+XkeKNud2W46vs:L9X0GrLIpW0vq7AUrI+XEY2IFKp9
Score

10^/10

zloader sg sg botnet discovery trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fccff8cb7a1067e23fd2e2b63971a8e1
- SHA1
  
  30e2a9e137c1223a78a0f7b0bf96a1c361976d91
- SHA256
  
  6fcea34c8666b06368379c6c402b5321202c11b00889401c743fb96c516c679e
- SHA512
  
  f4335e84e6f8d70e462a22f1c93d2998673a7616c868177cac3e8784a3be1d7d0bb96f2583fa0ed82f4f2b6b8f5d9b33521c279a42e055d80a94b4f3f1791e0c
- SSDEEP
  
  192:xPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4v:g7VpNo8gmOyRsVc4
Score

3^/10

discovery
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Zloader, Terdot, DELoader, ZeusSphinx

Loads dropped DLL

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4