zloader | 6a8d7d9f69295d8a68106d96bde2781bb083389c8adf8f9bd267c02928ce25e0 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKDZ.67644.2026.6473
Size

489KB
Sample

201109-3xphevazc2
MD5

a8aa044d714df3cb5c76851e3ac3b94d
SHA1

0db541b560fd810ae99b93852344a5250c56f11b
SHA256

6a8d7d9f69295d8a68106d96bde2781bb083389c8adf8f9bd267c02928ce25e0
SHA512

35adfb60947e9b4a1fb9f7a55b2010e25bc212aeb6fe374991e71c8fa4b8249e1126eb8fdfb53a5ae0dae52adf8c890f31a26a568520d9cd7f8e086d2c2965bd

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKDZ.67644.2026.6473
- Size
  
  489KB
- MD5
  
  a8aa044d714df3cb5c76851e3ac3b94d
- SHA1
  
  0db541b560fd810ae99b93852344a5250c56f11b
- SHA256
  
  6a8d7d9f69295d8a68106d96bde2781bb083389c8adf8f9bd267c02928ce25e0
- SHA512
  
  35adfb60947e9b4a1fb9f7a55b2010e25bc212aeb6fe374991e71c8fa4b8249e1126eb8fdfb53a5ae0dae52adf8c890f31a26a568520d9cd7f8e086d2c2965bd
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan