Overview

overview

10

Static

static

zloader 2_...ir.exe

windows7_x64

10

zloader 2_...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zloader 2_1.0.8.0.vir

  • Size

    243KB

  • Sample

    200719-67twab9dcn

  • MD5

    8e73a8a4a35ebfcc3e900ec4255cb296

  • SHA1

    21e475e46bc909b91942f564803cd7f90046bb8d

  • SHA256

    eafbd21a0f9f082fa2e94e010569d7fa8512d978087c2633d652b865b922465a

  • SHA512

    facc951d177237088cf316772cb600e0e9f88b4eda2eba43768db55b2e6642e59b059505104010ab4ec3527c6294e7332b36dc50c909bed706d3ce557314efb3

Score
10/10
zloaderuchitplohostuchitbotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

uchit

Campaign

plohostuchit

C2

https://oajdasnndkdahm.com/gate.php

https://kdsidsiadsakfsas.com/gate.php

https://jdafiasfjsafahhfs.com/gate.php

https://dasifosafjasfhasf.com/gate.php

https://kasfajfsafhasfhaf.com/gate.php

https://fdsjfjdsfjdsjfdjsfh.com/gate.php

https://fdsjfjdsfjdsdsjajjs.com/gate.php

https://idisaudhasdhasdj.com/gate.php

https://dsjdjsjdsadhasdas.com/gate.php

https://dsdjfhdsufudhjas.com/gate.php
rc4.plain

Targets

    • Target

      zloader 2_1.0.8.0.vir

    • Size

      243KB

    • MD5

      8e73a8a4a35ebfcc3e900ec4255cb296

    • SHA1

      21e475e46bc909b91942f564803cd7f90046bb8d

    • SHA256

      eafbd21a0f9f082fa2e94e010569d7fa8512d978087c2633d652b865b922465a

    • SHA512

      facc951d177237088cf316772cb600e0e9f88b4eda2eba43768db55b2e6642e59b059505104010ab4ec3527c6294e7332b36dc50c909bed706d3ce557314efb3

    Score
    10/10
    persistencetrojanbotnetzloader

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blacklisted process makes network request

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks