zloader | df1005f62c74e1f8272eae5073eb0dbffa5fefcb39ce1c78a40ca33b3b888c0d | Triage

Sharing

General

Target

df1005f62c74e1f8272eae5073eb0dbffa5fefcb39ce1c78a40ca33b3b888c0d.zip
Size

151KB
Sample

250312-d6asgawps9
MD5

57b846fac99ca0b4e08996a2826a7ecc
SHA1

da0086bb4e01e15c088e385c9840532a9ef0ce09
SHA256

df1005f62c74e1f8272eae5073eb0dbffa5fefcb39ce1c78a40ca33b3b888c0d
SHA512

2790f548b3f375ecce307e272e0e2f677431403df8d5c6bd30cc35ec0e2c8179e87e2205074c6fe1b0a02c8d542ad7367ca8505610d80388485c0259963017f8
SSDEEP

3072:GwSDu9j+HBA4KDn1FfpFahuaieAOg9OcEBiF65EUaHoj4oQvAHb4FYUCo:GwSD4aH24oFfpMgOoOviAWobUFYUCo

Score

10^/10

zloader main 2020-07-02 botnet discovery persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

2020-07-02

C2

https://fopiese.com/web/data

https://dinctov.com/web/data

https://ennaser.com/web/data

https://hyatart.com/web/data

https://bladilk.com/web/data

https://giridly.com/web/data

https://pleclep.com/web/data

https://phanleb.com/web/data

Attributes

build_id
21

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2.exe
- Size
  
  246KB
- MD5
  
  061057161259e3df7d12dccb363e56f9
- SHA1
  
  1292e9b2ee9d566fe5b475835cc39dafbbb658ba
- SHA256
  
  00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2
- SHA512
  
  b623b5f1142c560b9f9bc3689a2b53a3acacc93d443a1c2590433d6dc2975e2959243f1b5744720983fbbaa166f25b563b988025f7c4e3e6bf9ff6b720ba11c9
- SSDEEP
  
  6144:K/WlwYMhq0n6qsXUl8KdsbiLeb5Jx5cf:KfVJzsXUl81biCbnc
Score

10^/10

zloader main 2020-07-02 botnet discovery trojan persistence
- Zloader family
  zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadermain2020-07-02botnetdiscoverytrojan

behavioral2

zloadermain2020-07-02botnetdiscoverypersistencetrojan