Overview

overview

10

Static

static

8

29f4fa56df...6.xlsm

windows7_x64

10

29f4fa56df...6.xlsm

windows10_x64

10

Resubmissions

04-03-2021 13:27

210304-475dzzyvns 10

29-05-2020 15:54

200529-2wxrpzpnan 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm

  • Size

    86KB

  • Sample

    200529-2wxrpzpnan

  • MD5

    a758f5bfaeb275b5dfaf5be55a8b087b

  • SHA1

    eff178dfef00ee753f4a540107632e43ec4a4ef9

  • SHA256

    29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366

  • SHA512

    7e96b281aa9433bb05073ff0ee9cb9d94384ef6cf9b801d11d5d420d647c79310f18485fab340afa8d0eb9bcdc64ec7cf885ee5636fc7edcfbbfe54ff208f364

Score
10/10
zloaderbotnetevasionmacropersistencespywaretrojan

Malware Config

Targets

    • Target

      29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366.xlsm

    • Size

      86KB

    • MD5

      a758f5bfaeb275b5dfaf5be55a8b087b

    • SHA1

      eff178dfef00ee753f4a540107632e43ec4a4ef9

    • SHA256

      29f4fa56df55b1b53b2a8a6b27d2816436a75153eaf0533cf7d788d7026d8366

    • SHA512

      7e96b281aa9433bb05073ff0ee9cb9d94384ef6cf9b801d11d5d420d647c79310f18485fab340afa8d0eb9bcdc64ec7cf885ee5636fc7edcfbbfe54ff208f364

    Score
    10/10
    evasionspywaretrojanbotnetzloaderpersistence

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blacklisted process makes network request

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Enumerates connected drives

    • Modifies system certificate store

      evasionspywaretrojan

    • Modifies service

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

2
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Remote System Discovery

1
T1018

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks