Overview

overview

10

Static

static

6

zloader 2_...ir.dll

windows7_x64

10

zloader 2_...ir.dll

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zloader 2_1.0.18.0.vir

  • Size

    448KB

  • Sample

    200719-l51fp63zbe

  • MD5

    a233e89a46b954cd46e6d543b96fd884

  • SHA1

    de323c3e4f362739cc6cf0a9989fbde6633d3bd5

  • SHA256

    38115c7bdc10cc2981e9ab126d98f5ccab66a4d4d787b90a704ba3823b07fb67

  • SHA512

    1bd3263c02060ec4444c07522610a440a16a5af1fde63edc0b9cf8564083abd812dab136c944f7a121f507a06413986e879cfe4c1cd5a7596143bf394a6aed84

Score
10/10
zloader24/02https://soficatan.site/milagrecf.phpbotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

24/02

Campaign

https://soficatan.site/milagrecf.php

C2

https://barbeyo.xyz/milagrecf.php

rc4.plain

Targets

    • Target

      zloader 2_1.0.18.0.vir

    • Size

      448KB

    • MD5

      a233e89a46b954cd46e6d543b96fd884

    • SHA1

      de323c3e4f362739cc6cf0a9989fbde6633d3bd5

    • SHA256

      38115c7bdc10cc2981e9ab126d98f5ccab66a4d4d787b90a704ba3823b07fb67

    • SHA512

      1bd3263c02060ec4444c07522610a440a16a5af1fde63edc0b9cf8564083abd812dab136c944f7a121f507a06413986e879cfe4c1cd5a7596143bf394a6aed84

    Score
    10/10
    trojanbotnetzloaderpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks