zloader | ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136 | Triage

Sharing

General

Target

SecuriteInfo.com.RDML.DpsH1LBgrxgJWYTghsHC1w.19203
Size

579KB
Sample

200629-2yxnl9dy5j
MD5

8eadf95159003d1eb5609a57444d9aa9
SHA1

c3dce7311306f98f78c96b7a1af4f44df3583095
SHA256

ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136
SHA512

3850334163c1f879eb1458d3c7c292aac7159f9c8cfb6bccbecb7dfa50cc63cdf0b798602b6ba813b20ef0a611d622f637ace03642991614a7ada776972d7fde

Score

10^/10

zloader botnet evasion spyware trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.RDML.DpsH1LBgrxgJWYTghsHC1w.19203
- Size
  
  579KB
- MD5
  
  8eadf95159003d1eb5609a57444d9aa9
- SHA1
  
  c3dce7311306f98f78c96b7a1af4f44df3583095
- SHA256
  
  ca755b8915cb1025b4b5748e12cd7d3cbdccbcf90fd5986c911b066043d6d136
- SHA512
  
  3850334163c1f879eb1458d3c7c292aac7159f9c8cfb6bccbecb7dfa50cc63cdf0b798602b6ba813b20ef0a611d622f637ace03642991614a7ada776972d7fde
Score

10^/10

trojan botnet zloader evasion spyware
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbotnetzloaderevasionspyware

behavioral2

trojanbotnetzloader