zloader | 98a58a4f1a0b1305c473eeafa6dac80c2e2edd7e8aa8fe6d32ccac81318de1e5 | Triage

Sharing

General

Target

zte.dll
Size

473KB
Sample

201109-31fgec9e6e
MD5

00cc931e3c4ce21eaed78d8ee7352c35
SHA1

ee66e9cb16520de48a1efe4e09368067d9ee1a78
SHA256

98a58a4f1a0b1305c473eeafa6dac80c2e2edd7e8aa8fe6d32ccac81318de1e5
SHA512

1ba56fe37631544d8c0238183bf04aed3ffad09999183fef18bb84493502cfc7a3c4109f03062e0ef5b31f00a923e9b8e01eac1e788e52d66b074c2f8f5a16cb

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  zte.dll
- Size
  
  473KB
- MD5
  
  00cc931e3c4ce21eaed78d8ee7352c35
- SHA1
  
  ee66e9cb16520de48a1efe4e09368067d9ee1a78
- SHA256
  
  98a58a4f1a0b1305c473eeafa6dac80c2e2edd7e8aa8fe6d32ccac81318de1e5
- SHA512
  
  1ba56fe37631544d8c0238183bf04aed3ffad09999183fef18bb84493502cfc7a3c4109f03062e0ef5b31f00a923e9b8e01eac1e788e52d66b074c2f8f5a16cb
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan