Overview

overview

8

Static

static

zloader_1....ir.exe

windows7_x64

8

zloader_1....ir.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zloader_1.8.0.0.vir

  • Size

    3.3MB

  • Sample

    200719-k5n696121j

  • MD5

    8211a69a3a068265e8b9ab03e4546581

  • SHA1

    e4e520c3ae68ab2ed566d1f090ef0dc5c8003b0e

  • SHA256

    f6c6a59c54373d9a49e7a5a7aa859d6bda9f5826e4bb652f5898fa78c8748f39

  • SHA512

    5b52482d6de03084fcf06c846f59f6455ab3635b80c100d523f48ae780e4f31675948488f00005806416d76c4e056ca87a96d6db7dae9e80d941c2226dbf2075

Score
8/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      zloader_1.8.0.0.vir

    • Size

      3.3MB

    • MD5

      8211a69a3a068265e8b9ab03e4546581

    • SHA1

      e4e520c3ae68ab2ed566d1f090ef0dc5c8003b0e

    • SHA256

      f6c6a59c54373d9a49e7a5a7aa859d6bda9f5826e4bb652f5898fa78c8748f39

    • SHA512

      5b52482d6de03084fcf06c846f59f6455ab3635b80c100d523f48ae780e4f31675948488f00005806416d76c4e056ca87a96d6db7dae9e80d941c2226dbf2075

    Score
    8/10
    spywareevasiontrojanpersistence

    • Blacklisted process makes network request

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Install Root Certificate

1
T1130

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks