Overview

overview

10

Static

static

zloader 2_...ir.exe

windows7_x64

10

zloader 2_...ir.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zloader 2_1.0.11.1.vir

  • Size

    441KB

  • Sample

    200719-pqqhq1gtva

  • MD5

    97d3b83e66faa406dcc2ce87131edafc

  • SHA1

    b825619c830b8da429cc83f526d4b88867c6308f

  • SHA256

    3428603e92a29c1d256f2d0d3c74d8dd9f8ea3eb7f56cc5204ce035395c1e3e3

  • SHA512

    c4fcb9d2449c5de8400507c8a36d1bebe67dd181f2693cd4248a89db10c40c0b13c5e8a3413cd0c67cdcfe088c6611282e7364bbd1c6837ea15c673a1f3a873e

Score
10/10
zloaderonfalloutbotnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

on

Campaign

fallout

C2

https://ifjedssofllvcr.com/jbYm9bt/NlGkb4ivk.php

https://isfjiaaodwsoi.com/jbYm9bt/NlGkb4ivk.php

https://mslfiedjssfdes.com/jbYm9bt/NlGkb4ivk.php

https://sifeiwdjiesde.com/jbYm9bt/NlGkb4ivk.php

https://sldeodjiweiswi.com/jbYm9bt/NlGkb4ivk.php
rc4.plain

Targets

    • Target

      zloader 2_1.0.11.1.vir

    • Size

      441KB

    • MD5

      97d3b83e66faa406dcc2ce87131edafc

    • SHA1

      b825619c830b8da429cc83f526d4b88867c6308f

    • SHA256

      3428603e92a29c1d256f2d0d3c74d8dd9f8ea3eb7f56cc5204ce035395c1e3e3

    • SHA512

      c4fcb9d2449c5de8400507c8a36d1bebe67dd181f2693cd4248a89db10c40c0b13c5e8a3413cd0c67cdcfe088c6611282e7364bbd1c6837ea15c673a1f3a873e

    Score
    10/10
    trojanbotnetzloaderpersistence

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks