zloader | 455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb | Triage

Sharing

General

Target

SecuriteInfo.com.Win32.Kryptik.HENB.25036
Size

579KB
Sample

200630-mpqlf5s3ka
MD5

08dac5157102790bb1c6d3a65660db37
SHA1

e48fc7a827613aa62fde4c38d239704bfb6d8b95
SHA256

455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb
SHA512

a006c26cdd8da705cbadc9f9837efe4c4feed5ba8dbf5348520a3e66c2c56ab5842c74bdae7ad1cc255a4be0f763325301784190d26bcd7691e43f9f7b2e19de

Score

10^/10

zloader botnet evasion spyware trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.Win32.Kryptik.HENB.25036
- Size
  
  579KB
- MD5
  
  08dac5157102790bb1c6d3a65660db37
- SHA1
  
  e48fc7a827613aa62fde4c38d239704bfb6d8b95
- SHA256
  
  455c21fbac342659cd4b5cc162772117cce60f6b59f04dba0dd4327868a428eb
- SHA512
  
  a006c26cdd8da705cbadc9f9837efe4c4feed5ba8dbf5348520a3e66c2c56ab5842c74bdae7ad1cc255a4be0f763325301784190d26bcd7691e43f9f7b2e19de
Score

10^/10

evasion spyware trojan botnet zloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

evasionspywaretrojanbotnetzloader

behavioral2

trojanbotnetzloader