Overview

overview

10

Static

static

3

f55920966b...18.dll

windows7-x64

10

f55920966b...18.dll

windows10-2004-x64

10

Resubmissions

04-12-2024 03:12

241204-dqgwvaypcy 10

03-12-2024 21:44

241203-1lvy8swjgv 10

25-09-2024 06:02

240925-grgh9asblg 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f55920966b4970588ce643af0fcc03a7_JaffaCakes118

  • Size

    422KB

  • Sample

    241203-1lvy8swjgv

  • MD5

    f55920966b4970588ce643af0fcc03a7

  • SHA1

    97c44c58f24358442cb1811a7694e5b395e82d61

  • SHA256

    0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1

  • SHA512

    b5e6f91e65eacd6c1ad5f563f0d9184fd21fb88848008c7ea568d7c40c63fcbf217eeee2830a521313a3152e538821a469630fe951e760405972afae8516023e

  • SSDEEP

    12288:yClc4hq+Ytl63+YzGKBTpJHtvgqYe7S9S:Tlc4kBl6OabpFtGgS0

Score
10/10
zloaderbotnetdiscoverypersistencetrojan

Malware Config

Extracted

Family

zloader

Attributes
  • build_id

    49

Targets

    • Target

      f55920966b4970588ce643af0fcc03a7_JaffaCakes118

    • Size

      422KB

    • MD5

      f55920966b4970588ce643af0fcc03a7

    • SHA1

      97c44c58f24358442cb1811a7694e5b395e82d61

    • SHA256

      0d533321292f6854d7f9705a738d58ee5941c93b52674681083ec5c21a987ab1

    • SHA512

      b5e6f91e65eacd6c1ad5f563f0d9184fd21fb88848008c7ea568d7c40c63fcbf217eeee2830a521313a3152e538821a469630fe951e760405972afae8516023e

    • SSDEEP

      12288:yClc4hq+Ytl63+YzGKBTpJHtvgqYe7S9S:Tlc4kBl6OabpFtGgS0

    Score
    10/10
    zloaderbotnetdiscoverypersistencetrojan

    • Zloader family

      zloader

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Blocklisted process makes network request

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks