Overview

overview

10

Static

static

10

zloader 2_...ir.exe

windows7_x64

10

zloader 2_...ir.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zloader 2_1.0.14.0.vir

  • Size

    130KB

  • Sample

    200719-wrt25yszze

  • MD5

    88adb0b457ea881c4b09ee65a8ee72f6

  • SHA1

    45131fff959d36d51c5ba07b369ffa9a2db32499

  • SHA256

    8afa8c9fc4f0d3c24dfc03477fb93c5df5e1c75b3926e5127a3d4aca6fa43a83

  • SHA512

    8c6652257e18aa0adcc18c5a70783317d0ebdc00dbc66f83d715d3c02dff4dfe34e1313c5a859598996e8179132df274a497b2dd419baf78a0aca2af182c0b70

Score
10/10
zloadersacaadw2botnetpersistencetrojan

Malware Config

Extracted

Family

zloader

Botnet

saca

Campaign

adw2

C2

https://thoughtlibrary.top/library/topikpost.php

https://islacangrejo.fun/library/topikpost.php
rc4.plain

Targets

    • Target

      zloader 2_1.0.14.0.vir

    • Size

      130KB

    • MD5

      88adb0b457ea881c4b09ee65a8ee72f6

    • SHA1

      45131fff959d36d51c5ba07b369ffa9a2db32499

    • SHA256

      8afa8c9fc4f0d3c24dfc03477fb93c5df5e1c75b3926e5127a3d4aca6fa43a83

    • SHA512

      8c6652257e18aa0adcc18c5a70783317d0ebdc00dbc66f83d715d3c02dff4dfe34e1313c5a859598996e8179132df274a497b2dd419baf78a0aca2af182c0b70

    Score
    10/10
    persistencetrojanbotnetzloader

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Blacklisted process makes network request

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks