zloader | 1267b822cde1edabfc063458232a5ed9ea03652416de96b8d12ecb1058c86e23 | Triage

Sharing

General

Target

t.dll
Size

931KB
Sample

201109-432c3hqcsa
MD5

d97340776c76a6a02c7195bdc0a856b7
SHA1

330545c5092c3a991bf1612abc228117f8a64b8f
SHA256

1267b822cde1edabfc063458232a5ed9ea03652416de96b8d12ecb1058c86e23
SHA512

1283f2bc82b5875c27641c5a5a216313442cb861608f7e0edb1978a12bf0b63fe68ce9e8303f8038b13a00b0422c128730eb7d034793d6b8518d63bb6ef0598e

Score

10^/10

zloader miguel 26/05 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

26/05

C2

https://cripuntisispoi.tk/wp-parser.php

https://unesrafho.cf/wp-parser.php

http://sannyjewelry.ir/wp-parser.php

http://printgenerator.sundaytimes.lk/wp-parser.php

rc4.plain

Targets

- Target
  
  t.dll
- Size
  
  931KB
- MD5
  
  d97340776c76a6a02c7195bdc0a856b7
- SHA1
  
  330545c5092c3a991bf1612abc228117f8a64b8f
- SHA256
  
  1267b822cde1edabfc063458232a5ed9ea03652416de96b8d12ecb1058c86e23
- SHA512
  
  1283f2bc82b5875c27641c5a5a216313442cb861608f7e0edb1978a12bf0b63fe68ce9e8303f8038b13a00b0422c128730eb7d034793d6b8518d63bb6ef0598e
Score

10^/10

zloader miguel 26/05 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermiguel26/05botnettrojan

behavioral2

zloadermiguel26/05botnettrojan