zloader | b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706 | Triage

Sharing

General

Target

SecuriteInfo.com.C64.YzY0Ovy4hELZZb0e.10477
Size

579KB
Sample

200630-vfpsp3vvne
MD5

8c803e59b00506c97d382a0d628f35b5
SHA1

9550d3d3e18164d09fb962845b7bf8054eecc620
SHA256

b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
SHA512

0a06b98c25fc65c12f45823aa5edd0ed8f637f70c35f40cddc9925760b13db064bb2c1ab1ba9857c6e6efbb5e5208f6b13f7aa7a64ec28e1edf3f2530b86938f

Score

10^/10

zloader botnet evasion spyware trojan

Malware Config

Targets

- Target
  
  SecuriteInfo.com.C64.YzY0Ovy4hELZZb0e.10477
- Size
  
  579KB
- MD5
  
  8c803e59b00506c97d382a0d628f35b5
- SHA1
  
  9550d3d3e18164d09fb962845b7bf8054eecc620
- SHA256
  
  b7a306bd407cca438202bfb3b92abff60f959418c7fd129487a6510554ff5706
- SHA512
  
  0a06b98c25fc65c12f45823aa5edd0ed8f637f70c35f40cddc9925760b13db064bb2c1ab1ba9857c6e6efbb5e5208f6b13f7aa7a64ec28e1edf3f2530b86938f
Score

10^/10

trojan botnet zloader evasion spyware
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Modifies system certificate store
  evasion spyware trojan
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbotnetzloaderevasionspyware

behavioral2

trojanbotnetzloader