General

  • Target

    zloader 2_1.0.16.0.vir

  • Size

    879KB

  • Sample

    200719-g5y1r6yxls

  • MD5

    6914f2cc19e40bd3343bbfc7c4994ac0

  • SHA1

    4f61764049697ee68cbbf126f60f7643675289a3

  • SHA256

    a8e65df2958dddac02f2d45995ec036f94299eb9e1a4a51fbfcc717095690ce7

  • SHA512

    9eeddaef12a809d0457f8d7aa2ad8b9cc0af199b86c6f158978d5cc0f893f267b9d6c175e6ab9e6fabd3e83ff03f96c193b4051d9b99684b0cffb0d41d11d1dd

Malware Config

Extracted

  • Family

    zloader

  • Botnet

    goldhub

  • Campaign

    07.02_macros

  • C2

    https://baj3tu.xyz/thread.php

  • rc4.plain

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain first discovered in August 2015.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1
