zloader | 8cb1f8662f950b1a5e3f3d84f951f46b9c81a514a262c5cc396c68ce875973dc | Triage

Sharing

General

Target

8cb1f8662f950b1a5e3f3d84f951f46b9c81a514a262c5cc396c68ce875973dc.exe
Size

736KB
Sample

250207-g8clmaskcy
MD5

8c0dc16ba5fd7635dba06b3d4872c51f
SHA1

cccccaf9625dacaba54d559be781797e6ae6240c
SHA256

8cb1f8662f950b1a5e3f3d84f951f46b9c81a514a262c5cc396c68ce875973dc
SHA512

ede2597b22b67e0494cf1511479edcf0937df8eaa1f9c3a38812a7892b8f88362d9c5e40bf03be8d77156f07b5ee010cea14008d6ad7ae2be4ac742fcf8b64c3
SSDEEP

12288:63M5h4oeHrmyXxI4PVHMC9F85MueMmlUt9/lYU++m/PzsDG6P1R0:N5h4iitHfaeMK0tYEmgR0

Score

10^/10

zloader google1 google1 botnet discovery persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

google1

Campaign

google1

C2

https://eecakesconf.at/web982/gate.php

Attributes

build_id
2

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  8cb1f8662f950b1a5e3f3d84f951f46b9c81a514a262c5cc396c68ce875973dc.exe
- Size
  
  736KB
- MD5
  
  8c0dc16ba5fd7635dba06b3d4872c51f
- SHA1
  
  cccccaf9625dacaba54d559be781797e6ae6240c
- SHA256
  
  8cb1f8662f950b1a5e3f3d84f951f46b9c81a514a262c5cc396c68ce875973dc
- SHA512
  
  ede2597b22b67e0494cf1511479edcf0937df8eaa1f9c3a38812a7892b8f88362d9c5e40bf03be8d77156f07b5ee010cea14008d6ad7ae2be4ac742fcf8b64c3
- SSDEEP
  
  12288:63M5h4oeHrmyXxI4PVHMC9F85MueMmlUt9/lYU++m/PzsDG6P1R0:N5h4iitHfaeMK0tYEmgR0
Score

10^/10

zloader google1 google1 botnet discovery persistence trojan
- Zloader family
  zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadergoogle1google1botnetdiscoverypersistencetrojan

behavioral2

zloadergoogle1google1botnetdiscoverypersistencetrojan