General

  • Target

    zloader 2_1.0.15.0.vir

  • Size

    128KB

  • Sample

    200719-72xnqj8paa

  • MD5

    33d2581d7d36acde729ce52c5d106d79

  • SHA1

    48b9cbe0f6922d6c844ab7b7122bc0cd389bf711

  • SHA256

    66f49a261b6086dfdd1c3e2a21f7cb746aa35707490cbd64693d66383ba54c64

  • SHA512

    75acc63cb9c38c0dd3d1759c93f38fc41e62b8853146267b6d80c7b979cf9bf281d3bd44519f1f6a9085d161a4a3d5abc5c71702c914382645e55af3fd6c8770

Malware Config

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a banking malware strain first discovered in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks