General

  • Target

    zloader 2_1.0.7.0.vir

  • Size

    422KB

  • Sample

    200719-zjz6b357zs

  • MD5

    74483bc98982a9eb86823cc643edd939

  • SHA1

    a596acc431dd9e84ca0eb1c5699fa1ac5381e629

  • SHA256

    00a2e100c5f4d7419e6612284e80b5612b080671b50f3ad9442b60e937f87967

  • SHA512

    e1d1adbace8d37bd1a055757252556cdd56fb2ad76cacdff76d3b8ea7d823587605c93c2ce9097a90f78108ff7ef380a937582634f8cd4a5f9f1cec63db793d9

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader, also tracked as Terdot, DELoader and ZeusSphinx, is a Zeus-derived banking trojan first observed in August 2015.

    • Adds Run key to start application

      Persistence through an autostart value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), so the payload is relaunched at logon. This is the behaviour behind the T1060 and T1112 entries in the matrix below.

    • Suspicious use of SetThreadContext

      SetThreadContext is the step that redirects a hijacked thread's entry point in process hollowing and similar injection. The call on its own is legitimate (debuggers and some runtimes use it), so this signature is heuristic; the report does not show the surrounding call sequence or the target process, which is what a triage would need to confirm injection.

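To make the two behaviour signatures above concrete, here is a small re-implementation of the checks a sandbox rule would run over an API trace. This is an added example, not the sandbox's own rule code, and the trace it scores is constructed to resemble a sandbox API log (handles already resolved to paths), not taken from the run of this sample. The ATT&CK mapping for the SetThreadContext case is my addition; the report's matrix does not map that signature.

```python
"""Toy evaluator for the two behavioural signatures in the report.

Added example, not the sandbox's rule code.  TRACE is constructed and
illustrative only; key paths are shown resolved as a real sandbox would.
"""
import re
from typing import Dict, List, Tuple

Call = Tuple[int, str, Dict[str, object]]   # (pid, API name, resolved arguments)

CREATE_SUSPENDED = 0x00000004               # dwCreationFlags bit from winbase.h

# Autostart keys the "Adds Run key to start application" signature covers.
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)$",
    re.IGNORECASE,
)

# Ordered API chain that follows CreateProcess(CREATE_SUSPENDED) in hollowing.
HOLLOWING_CHAIN = ["WriteProcessMemory", "SetThreadContext", "ResumeThread"]

# Constructed trace (not real sandbox output for this sample).
TRACE: List[Call] = [
    (1204, "CreateProcessW", {"lpApplicationName": r"C:\Windows\System32\msiexec.exe",
                              "dwCreationFlags": CREATE_SUSPENDED}),
    (1204, "NtUnmapViewOfSection", {"hProcess": 0x2A8}),
    (1204, "VirtualAllocEx", {"hProcess": 0x2A8, "flProtect": 0x40}),
    (1204, "WriteProcessMemory", {"hProcess": 0x2A8, "nSize": 0x5F000}),
    (1204, "SetThreadContext", {"hThread": 0x2AC}),
    (1204, "ResumeThread", {"hThread": 0x2AC}),
    (1204, "RegSetValueExW", {"hKey": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
                              "lpValueName": "Update",
                              "lpData": r"C:\Users\user\AppData\Roaming\Ewegu\hazo.exe"}),
]


def api_base(name: str) -> str:
    """Drop the ANSI/Unicode suffix so CreateProcessA and CreateProcessW compare equal."""
    return re.sub(r"[AW]$", "", name)


def run_key_writes(trace: List[Call]) -> List[Dict[str, object]]:
    """Signature 'Adds Run key to start application' (report maps it to T1060 and T1112)."""
    hits = []
    for pid, api, args in trace:
        if api_base(api) == "RegSetValueEx" and RUN_KEY_RE.search(str(args.get("hKey", ""))):
            hits.append({"pid": pid, "key": args["hKey"],
                         "value": args.get("lpValueName"), "data": args.get("lpData")})
    return hits


def hollowing_pids(trace: List[Call]) -> List[int]:
    """Signature 'Suspicious use of SetThreadContext'.

    The call only counts when it sits in the hollowing chain after the same
    pid created a process suspended; a lone SetThreadContext (debuggers,
    runtimes) is ignored, which is the false positive the heuristic must avoid.
    """
    progress: Dict[int, int] = {}   # pid -> next expected index into HOLLOWING_CHAIN
    hits: List[int] = []
    for pid, api, args in trace:
        base = api_base(api)
        if base == "CreateProcess" and int(args.get("dwCreationFlags", 0)) & CREATE_SUSPENDED:
            progress[pid] = 0
            continue
        if pid in progress and base == HOLLOWING_CHAIN[progress[pid]]:
            progress[pid] += 1
            if progress[pid] == len(HOLLOWING_CHAIN):
                hits.append(pid)
                del progress[pid]
    return hits


def evaluate(trace: List[Call]) -> List[Dict[str, object]]:
    """Return the fired signatures with their ATT&CK v6 technique IDs."""
    fired: List[Dict[str, object]] = []
    if run_key_writes(trace):
        fired.append({"signature": "Adds Run key to start application",
                      "attack": ["T1060", "T1112"]})
    if hollowing_pids(trace):
        # My mapping, not the report's: ATT&CK v6 Process Hollowing (now T1055.012).
        fired.append({"signature": "Suspicious use of SetThreadContext",
                      "attack": ["T1093"]})
    return fired


if __name__ == "__main__":
    for sig in evaluate(TRACE):
        print(sig["signature"], sig["attack"])
```

Run as a script it prints the two signatures for the constructed trace. The point of the stateful chain in hollowing_pids is that SetThreadContext alone is not evidence; a real rule set keys on the suspended CreateProcess and the write into the child, which is why the report's signature name says "suspicious" rather than naming the technique.
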
MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence: Registry Run Keys / Startup Folder, T1060 (1 signature)

  • Defense Evasion: Modify Registry, T1112 (1 signature)

Both entries come from the single Run-key write. T1060 was retired in ATT&CK v7 and is now T1547.001 (Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder); T1112 is unchanged. The SetThreadContext signature is not mapped in this matrix.
