zloader | d834cc1a1651687b2fa80f1fd0c2c2b2579834f4cec81cb76dae4f28b5cc7c1f | Triage

Sharing

General

Target

Exampleth.zip
Size

344KB
Sample

201031-7q4cjsbf12
MD5

b097949c5ce78cb548dfd52a5d34b608
SHA1

7e6fa5070c6110d32896bf2868e7ff17b4d1379a
SHA256

d834cc1a1651687b2fa80f1fd0c2c2b2579834f4cec81cb76dae4f28b5cc7c1f
SHA512

ab1b9770af7cee8f052a50406231650396b116ccedc7fbdeb036debc4a6da3dc284701b7667149a36ad96e86c042f93ee21bdd143802fa422c93c01c6c20931f

Score

10^/10

zloader miguel 17/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

17/04

C2

https://lgepubbf.icu/wp-config.php

https://ajvwdjtebb.pw/wp-config.php

rc4.plain

Targets

- Target
  
  Exampleth.dll
- Size
  
  452KB
- MD5
  
  1c48729a2cfa0b985e36818822858436
- SHA1
  
  19d51e298f43c00af96861f1f6ffaf39132a187d
- SHA256
  
  f2e73ee6ab0ad79e0cd537bd856d9e694851912283bca7fb73eb3fc335528353
- SHA512
  
  538c1ddd8be6c91f99f5579589877031a89f64743678d3f1f6d3a2b10ff861f76768ff7d8bc7d4d2c7826ab820d2c4ff254eacb60a76fdf7c1af43c9bf72d424
Score

10^/10

zloader miguel 17/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermiguel17/04botnettrojan

behavioral2

zloadermiguel17/04botnettrojan