zloader | ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a | Triage

Sharing

General

Target

ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a
Size

170KB
Sample

201109-2r2zfzhlte
MD5

0892f2d684b734d64517348a4df16964
SHA1

b2e6c4a27dec2c67197560c8f2b82d6e119406a3
SHA256

ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a
SHA512

2bcbc000057d62fc59e8b902b91a5b4456b816cd93464e3b0b288f092336f63e4086f88734fde792b850e524c600b7d361c42c04946e4bdb5f61406e172e707f

Score

10^/10

zloader 10/03 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

10/03

C2

https://dhteijwrb.host/milagrecf.php

https://aquolepp.pw/milagrecf.php

rc4.plain

Targets

- Target
  
  ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a
- Size
  
  170KB
- MD5
  
  0892f2d684b734d64517348a4df16964
- SHA1
  
  b2e6c4a27dec2c67197560c8f2b82d6e119406a3
- SHA256
  
  ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a
- SHA512
  
  2bcbc000057d62fc59e8b902b91a5b4456b816cd93464e3b0b288f092336f63e4086f88734fde792b850e524c600b7d361c42c04946e4bdb5f61406e172e707f
Score

10^/10

zloader 10/03 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

10/03https://dhteijwrb.host/milagrecf.phpzloader

behavioral1

zloader10/03https://dhteijwrb.host/milagrecf.phpbotnetpersistencetrojan

behavioral2

zloader10/03https://dhteijwrb.host/milagrecf.phpbotnetpersistencetrojan