zloader | 9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a

Sharing

Copy URL

Twitter E-mail

General

Target

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a
Size

70.4MB
Sample

240907-wkjscsyfmg
MD5

c603abdef890ec42355b158561aa3381
SHA1

ae0aaa9c8c8665aab09a088ca5cbe42e148ef358
SHA256

9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a
SHA512

40bde2aa5276e00de312d932698cb11ca6604f4d972bca0c653cce67dcc45ba32b4900a1d88bfdba49125ad43c49f7c46cc572370d727993afd810e92c4b0edd
SSDEEP

1572864:+uOdWa6wr7n17jdvIgVWL8ro+f3WUD+y1CxvmkOHFbPwk0iNFByzAK:x+WaPrrvwL95I+wCx0l4k8

Score

10^/10

Malware Config

Targets

- Target
  
  9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a
- Size
  
  70.4MB
- MD5
  
  c603abdef890ec42355b158561aa3381
- SHA1
  
  ae0aaa9c8c8665aab09a088ca5cbe42e148ef358
- SHA256
  
  9ecd96e90def2fa42b060d64290129903115d7410b2c2008e8d4b928c4b5846a
- SHA512
  
  40bde2aa5276e00de312d932698cb11ca6604f4d972bca0c653cce67dcc45ba32b4900a1d88bfdba49125ad43c49f7c46cc572370d727993afd810e92c4b0edd
- SSDEEP
  
  1572864:+uOdWa6wr7n17jdvIgVWL8ro+f3WUD+y1CxvmkOHFbPwk0iNFByzAK:x+WaPrrvwL95I+wCx0l4k8
Score

10^/10

zloader botnet discovery trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  101KB
- MD5
  
  33b4e69e7835e18b9437623367dd1787
- SHA1
  
  53afa03edaf931abdc2d828e5a2c89ad573d926c
- SHA256
  
  72d38ef115e71fc73dc5978987c583fc8c6b50ff12e4a5d30649a4d164a8b6ae
- SHA512
  
  ca890e785d1a0a7e0b4a748416fba417826ae66b46e600f407d4e795b444612a8b830f579f2cf5b6e051bea800604f34f8801cc3daf05c8d29ad05bcda454a77
- SSDEEP
  
  1536:Ayy+wx2YAlWrU5OX9crt5c4DBqiC7hk333kbQk:ry+wojIwgNcr1a7WH0b
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  75ed96254fbf894e42058062b4b4f0d1
- SHA1
  
  996503f1383b49021eb3427bc28d13b5bbd11977
- SHA256
  
  a632d74332b3f08f834c732a103dafeb09a540823a2217ca7f49159755e8f1d7
- SHA512
  
  58174896db81d481947b8745dafe3a02c150f3938bb4543256e8cce1145154e016d481df9fe68dac6d48407c62cbe20753320ebd5fe5e84806d07ce78e0eb0c4
- SSDEEP
  
  192:X24sihno0bW+l97H4GB7QDs91kMtwtobTr4u+QHbazMNHT7dmNIEr:m8vJl97JeoxtN/r3z7YV
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Beaker Browser.exe
- Size
  
  67.8MB
- MD5
  
  a79d31e8a93a6d2e5efbba69fd9c647e
- SHA1
  
  37da53b97478f8ab8af3bed446dcf01e265602d9
- SHA256
  
  4e6bc9ca74561f98769257e2a1ebffb985a0c48b506d8cbbf995886ba8886d0f
- SHA512
  
  104d332f3d503903ac17e9c7f6f234bcb9dbd07c2f6137874c1cbe4a16e1b7d32ffbb37cf324abb52286509bbb44950a45c4643d61bcc541eb3e1d7eda4ac766
- SSDEEP
  
  393216:e18D8SMWJfEJNT1VPHuXb6B4u5wgq439gFvYqehzxmtj5iKGMlQrrNOtXGTi7zR+:0HOlYSjSjjBpmD2EqZPEytx
Score

10^/10

zloader botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  1.8MB
- MD5
  
  3039c56eaee9a3fc5f5afc4308677621
- SHA1
  
  7a086a48f26fb737da3ac5c2ea19d0ea8fa83c9d
- SHA256
  
  ab04ac8c6bb2f55557c83f6fe5b004cf6b9e708f2e01afd2a898c3f37d4a872b
- SHA512
  
  ef261d1c1136889cf6d64aaf5c00de17406025e73a35be29dde43ca533ee52563379ea9f477667ac259460ca70fb21807bf6019b543988366225a9b716ea437b
- SSDEEP
  
  24576:DHmnLiLXkNwOuyZBQrorQKh4czkUnWQqS:DHmLA0dOGhn5qS
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  api-ms-win-core-console-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  e5912b05988259dad0d6d04c8a17d19b
- SHA1
  
  724f4f91041ad595e365b724a0348c83acf12bbb
- SHA256
  
  9f3608c15c5de2f577a2220ce124b530825717d778f1e3941e536a3ab691f733
- SHA512
  
  c270a622d7887f4c97232ea898f5380459c565817f0d201cdb081ee82e3002b6e6248753a68da896d3b1327f93e8e8cb0ca0dcaeef324f610e0a1c7b542c6492
- SSDEEP
  
  192:PaW1hWiZqe8Cjdks/nGfe4pBjSYqW/nW5RKTt3E2sVWQ4GW5rYZpqnaj71nxPI45:yW1hW4r1m0GftpBjQm3SllndaVrQ2W
Score

1^/10
behavioral15
- Target
  
  api-ms-win-core-datetime-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  16789cc09a417d7deb590fffe4ed02dc
- SHA1
  
  4940d5b92b6b80a40371f8df073bf3eb406f5658
- SHA256
  
  3b68d7ab0641de6b3e81d209b7c0d3896e4ffa76617bbadd01eb54036cdd1b07
- SHA512
  
  19e4f086cc2137ee60316b0736b3c6b3780578896df9a826edfe004bb74bee8e051c511a84d8a7ea278a5f47c82b9c955394f629ab0bb0740ecb51293d9be7b7
- SSDEEP
  
  192:aUW1hWi8dsNtLxCjdks/nGfe4pBjSYvQF0RW5RKTt3E2sVWQ4GWsTJsqnajkZtT6:HW1hWfsngm0GftpBjmtm3SglmTok6
Score

1^/10
behavioral16
- Target
  
  api-ms-win-core-debug-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  9476affaac53e6e34405c4001f141805
- SHA1
  
  e7c8a6c29c3158f8b332eea5c33c3b1e044b5f73
- SHA256
  
  55574f9e80d313048c245acefd21801d0d6c908a8a5049b4c46253efaf420f89
- SHA512
  
  f8e3476a09d888caebd50da0ea2debc4006004e72af677919413655ab4595622cac524f1bc6c13406ee341ae0052a19ed83826ad530f652e73b2c65d4fa65680
- SSDEEP
  
  192:2W1hWi9cvHCjdks/nGfe4pBjSYLky6b+W5RKTt3E2sVWQ4GW2y9jqnajXagRbG1d:2W1hW+Qim0GftpBj81nm3SMlDCED6
Score

1^/10
behavioral17
- Target
  
  api-ms-win-core-errorhandling-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  a5883c68d432f593812ab3b755b808db
- SHA1
  
  51cbb7ba47802dc630c2507750432c55f5979c27
- SHA256
  
  b3715112a7ca4c6cc0efee044bd82444d3267a379e33a3ec118d87e75604204d
- SHA512
  
  27153e29e99a905fa4c8b3ede078644a3a3f29fdf7b98e387e39c5c60444e326c92afd74da8fee225f7ddf39724a0daef68ba238f3cc64fb7860172b8f29d79a
- SSDEEP
  
  192:8mxD3uLW1hWioedXACjdks/nGfe4pBjSYTdvW5RKTt3E2sVWQ4GWGCWkqnajTWOj:8BLW1hWeXRm0GftpBj8m3SclgCohax
Score

1^/10
behavioral18
- Target
  
  api-ms-win-core-file-l1-1-0.dll
- Size
  
  21KB
- MD5
  
  241338aef5e2c18c80fb1db07aa8bcdf
- SHA1
  
  9acbeef0ac510c179b319ca69cd5378d0e70504d
- SHA256
  
  56de091efe467fe23cc989c1ee21f3249a1bdb2178b51511e3bd514df12c5ccb
- SHA512
  
  b9fd37f01a58594e48fa566c41827b2b9499605d9e55c2178e83ee41c8c5f50a4df2c85efea94ca586ea0ea4a6d984ebb7ca2193e9306fcb853b147b2c76bc2d
- SSDEEP
  
  384:TBPvVXcW1hWYDzDm0GftpBjrm3SXjltFpx:VPvVX/TViNZ
Score

1^/10
behavioral19
- Target
  
  api-ms-win-core-file-l1-2-0.dll
- Size
  
  18KB
- MD5
  
  49c3ffd47257dbcb67a6be9ee112ba7f
- SHA1
  
  04669214375b25e2dc8a3635484e6eeb206bc4eb
- SHA256
  
  322d963d2a2aefd784e99697c59d494853d69bed8efd4b445f59292930a6b165
- SHA512
  
  bda5e6c669b04aaed89538a982ef430cef389237c6c1d670819a22b2a20bf3c22aef5cb4e73ef7837cbbd89d870693899f97cb538122059c885f4b19b7860a98
- SSDEEP
  
  384:aW1hWF5OZkum0GftpBjjNWm3S0ZlmTof1:JKoViqi1
Score

1^/10
behavioral20
- Target
  
  api-ms-win-core-file-l2-1-0.dll
- Size
  
  18KB
- MD5
  
  bfffa7117fd9b1622c66d949bac3f1d7
- SHA1
  
  402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2
- SHA256
  
  1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e
- SHA512
  
  b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f
- SSDEEP
  
  384:eVrW1hWbvm0GftpBjzH4m3S9gTlUK3dsl:eVuAViaB/6sl
Score

1^/10
behavioral21
- Target
  
  api-ms-win-core-handle-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  cce27ff9b1e78b61955682788452f785
- SHA1
  
  a2e2a40cea25ea4fd64b8deaf4fbe4a2db94107a
- SHA256
  
  8ee2de377a045c52bbb05087ae3c2f95576edfb0c2767f40b13454f2d9f779de
- SHA512
  
  1fcec1cd70426e3895c48598dfc359839d2b3f2b1e3e94314872a866540353460ec932bf3841e5afe89aa4d6c6fac768e21ae368d68c2bb15f65960f6f5d7d5b
- SSDEEP
  
  192:yW1hWBJ9M7tOZk7Cjdks/nGfe4pBjSYj+a2W5RKTt3E2sVWQ4GWJ9xqZsqnajkZ9:yW1hW+5OZkum0GftpBjt7m3SlGlmToC
Score

1^/10
behavioral22
- Target
  
  api-ms-win-core-heap-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  cdc266896e0dbe6c73542f6dec19de23
- SHA1
  
  b4310929ccb82dd3c3a779cab68f1f9f368076f2
- SHA256
  
  87a5c5475e9c26fabfead6802dac8a62e2807e50e0d18c4bfadcb15ebf5bcbc0
- SHA512
  
  79a29041699f41938174a6ec9797faf8d6bf7764657d801cb3af15c225f8eab0135d59cfa627bd02dd7459f7b857d62299e4d082586ce690627ebdf1267ebb21
- SSDEEP
  
  192:fZlgW1hWiR+49Cjdks/nGfe4pBjSYBPq+W5RKTt3E2sVWQ4GWDG2Oqnajd2si3TT:hlgW1hWP4wm0GftpBjVsm3STlM/
Score

1^/10
behavioral23
- Target
  
  api-ms-win-core-interlocked-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  39809cc5dabf769da8871a91a8ed9e69
- SHA1
  
  f779cdef9ded19402aa72958085213d6671ca572
- SHA256
  
  5cd00ff4731691f81ff528c4b5a2e408548107efc22cc6576048b0fdce3dfbc9
- SHA512
  
  83a8246839d28378c6f6951d7593dc98b6caa6dbca5fbd023b00b3b1a9eba0597943838c508493533c2de276c4d2f9107d890e1c9a493ee834351cff5dfd2cab
- SSDEEP
  
  192:CW1hWiRnedXACjdks/nGfe4pBjSYC6rSW5RKTt3E2sVWQ4GW+60yqnaj/6g6dqpl:CW1hW3XRm0GftpBjl7m3SOLltFpU2
Score

1^/10
behavioral24
- Target
  
  api-ms-win-core-libraryloader-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  5d5fae1a17961d6ee37637f04fe99b8a
- SHA1
  
  47143a66b4a2e2ba019bf1fd07bcca9cfb8bb117
- SHA256
  
  8e01eb923fc453f927a7eca1c8aa5643e43b360c76b648088f51b31488970aa0
- SHA512
  
  9db32ec8416320dcb28f874b4679d2d47a5ae56317fdc9d2d65ebb553f1d6345c3dd0024294a671a694337683dd4e77254595a9cdbfe115c80d0ef53516d46aa
- SSDEEP
  
  384:KvuBL3BYW1hWp5OZkum0GftpBjPJm3SyAlJrqsK:FBL3BTioViH+ElK
Score

1^/10
behavioral25
- Target
  
  api-ms-win-core-localization-l1-2-0.dll
- Size
  
  20KB
- MD5
  
  588bd2a8e0152e0918742c1a69038f1d
- SHA1
  
  9874398548891f6a08fc06437996f84eb7495783
- SHA256
  
  a07cc878ab5595aacd4ab229a6794513f897bd7ad14bcec353793379146b2094
- SHA512
  
  32ffe64c697f94c4db641ab3e20b0f522cf3eba9863164f1f6271d2f32529250292a16be95f32d852480bd1b59b8b0554c1e7fd7c7a336f56c048f4f56e4d62f
- SSDEEP
  
  384:XOMw3zdp3bwjGjue9/0jCRrndb6kW1hW85OZkum0GftpBjcqEm3Shupl4aRGWa:XOMwBprwjGjue9/0jCRrndb0noVialbj
Score

1^/10
behavioral26
- Target
  
  api-ms-win-core-memory-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  6def20ed13972f3c3f08dba8ecf3d6cc
- SHA1
  
  9c03356cf48112563bb845479f40bf27b293e95e
- SHA256
  
  c2e887a17875d39099d662a42f58c120b9cc8a799afd87a9e49adf3faddd2b68
- SHA512
  
  5b4d2b1152bed14108dc58d358b1082e27defd1001d36cd72ec6f030a34d6caf9b01c3c1dd8a9ac66d1937fcf86a6fe3469ac93b1e76d933a8f4b51c1f782f65
- SSDEEP
  
  192:E8W1hWiEUcvHCjdks/nGfe4pBjSYY3iW5RKTt3E2sVWQ4GWRRhbOqnajd2si3Hv:E8W1hWXUQim0GftpBjMnm3So3ylMHv
Score

1^/10
behavioral27
- Target
  
  api-ms-win-core-namedpipe-l1-1-0.dll
- Size
  
  18KB
- MD5
  
  a056d4eeaae37deab8333dcc4c910a93
- SHA1
  
  cb59f1fe73c17446eb196fc0dd7d944a0cd9d81f
- SHA256
  
  593fa2aa2474508ad942bbaa0fdc9a1badd81c85b0dff1c43b90a47c23ad5fb7
- SHA512
  
  c2f811994182ef51d0c011c19336179da69357e5f284f787bcdb54f90c32768a959232a477534f7e62cd3d71a048a13e91b20042e2fe6ab108d606c7c8df9255
- SSDEEP
  
  384:eW1hWU5OZkum0GftpBjxKvm3SQTlUK3dsDT:1noVimvf6sDT
Score

1^/10
behavioral28
- Target
  
  api-ms-win-core-processenvironment-l1-1-0.dll
- Size
  
  19KB
- MD5
  
  f3b4ab35a65a8d938c6b60ad59ba6e7f
- SHA1
  
  2745259f4dbbefbf6b570ee36d224abdb18719bc
- SHA256
  
  ea2972fec12305825162ae3e1ae2b6c140e840be0e7ebb51a7a77b7feeda133a
- SHA512
  
  a88afb66311494d6c15613c94555ba436cd2f75e11a49a448c9c6776dfba24cda25a44792a1e8b3e680c1ad3ad0574b43ac2328c6e41ff0832139c94b066dbf5
- SSDEEP
  
  192:XnW1hWioe8Cjdks/nGfe4pBjSY6ydpW5RKTt3E2sVWQ4GWwvcUV2HPqnajkSXt7m:XnW1hWE1m0GftpBjZ4m3SZ7MvlJrU
Score

1^/10
behavioral29
- Target
  
  api-ms-win-core-processthreads-l1-1-0.dll
- Size
  
  20KB
- MD5
  
  5faf9a33bab1d39dd9f820d34339b3d4
- SHA1
  
  50699041060d14576ed7bacbd44be9af80eb902a
- SHA256
  
  a1221836731c7e52c42d5809cc02b17c5ec964601631ec15a84201f423da4ac4
- SHA512
  
  73c25d1338df9aee5211fbb0e1b14e6bd853e31746c63bc46f44810622b09d52ee39b8e8a57c655da63d3d3d4025c2cba4d8673893d022417a2032ba3d935061
- SSDEEP
  
  384:gWXk1JzNcKSIXW1hWEXRm0GftpBj1U6m3SddlmTod4V:gbcKSbxViZx8
Score

1^/10
behavioral30
- Target
  
  api-ms-win-core-processthreads-l1-1-1.dll
- Size
  
  18KB
- MD5
  
  d699333637db92d319661286df7cc39e
- SHA1
  
  0bffb9ed366853e7019452644d26e8e8f236241b
- SHA256
  
  fe760614903e6d46a1be508dccb65cf6929d792a1db2c365fc937f2a8a240504
- SHA512
  
  6fa9ff0e45f803faf3eb9908e810a492f6f971cb96d58c06f408980ab40cba138b52d853aa0e3c68474053690dfafa1817f4b4c8fb728d613696b6c516fa0f51
- SSDEEP
  
  384:dtUDfIeFrW1hWC5OZkum0GftpBjVzm3Sx56lgCoha6LDF:dteFuJoVijz1HB
Score

1^/10
behavioral31
- Target
  
  api-ms-win-core-profile-l1-1-0.dll
- Size
  
  17KB
- MD5
  
  7028cf6b6b609cb0e31abd1f618e42d0
- SHA1
  
  e7e0b18a40a35bd8b0766ac72253de827432e148
- SHA256
  
  9e98b03a3ca1ebabdceb7ed9c0ceb4912bb68eb68f3e0df17f39c7a55fada31d
- SHA512
  
  d035ccfd0de316e64187c18e6e5b36e14f615f872c08740ec22ef2c12d592e37d78ab154202926a56ab01d669eb5870dff651280a882d6bf2a700c43dcd25ac2
- SSDEEP
  
  192:D4VW1hWc2TVCEmCjdks/nGfe4pBjSfMesvMW5RKTt3E2sVWQ4iWJBJ9qnajuZDAu:DyW1hWTvm0GftpBjosv5m3SKlUK3dsl
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Checks installed software on the system

Zloader, Terdot, DELoader, ZeusSphinx

Checks computer location settings

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32