zloader | 0573d56a84aac658edac1e93d08390c1a8378ed2d801b2460ac89a8ef643eb7d | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Zusy.307926.22904.26447
Size

579KB
Sample

200630-glkc9w8ycn
MD5

1bd992ee2bddba2ac275719624e52c05
SHA1

97cb4429abb8825772a52edebcbaf06a8f9b5308
SHA256

0573d56a84aac658edac1e93d08390c1a8378ed2d801b2460ac89a8ef643eb7d
SHA512

0d50462d485bad5d62bfc0d4304dfc7fd33621d6546b387c8cd501c9605b49a80c4bc4f3e888592daa359c056ad98553554d6f19382ea9ac3f7efda2406893a5

Score

10^/10

zloader botnet evasion spyware trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Variant.Zusy.307926.22904.26447
- Size
  
  579KB
- MD5
  
  1bd992ee2bddba2ac275719624e52c05
- SHA1
  
  97cb4429abb8825772a52edebcbaf06a8f9b5308
- SHA256
  
  0573d56a84aac658edac1e93d08390c1a8378ed2d801b2460ac89a8ef643eb7d
- SHA512
  
  0d50462d485bad5d62bfc0d4304dfc7fd33621d6546b387c8cd501c9605b49a80c4bc4f3e888592daa359c056ad98553554d6f19382ea9ac3f7efda2406893a5
Score

10^/10

trojan botnet zloader evasion spyware
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbotnetzloaderevasionspyware

behavioral2

trojanbotnetzloader