zloader | 8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea | Triage

Sharing

General

Target

bbc.bin
Size

473KB
Sample

201109-4p7nx4rk3e
MD5

aa4aeb307ed9ba808bd44c76903ea628
SHA1

a783ccc6e3b2439cc43285e86303d671de933452
SHA256

8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
SHA512

62747041187dff6b02f717bb9be71cc05b72a14ce5e92be4216230f9d385ac214423476ef4c9afe9e3c268f8460ab6058fa8087186a196cd5de34c285a403174

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  bbc.bin
- Size
  
  473KB
- MD5
  
  aa4aeb307ed9ba808bd44c76903ea628
- SHA1
  
  a783ccc6e3b2439cc43285e86303d671de933452
- SHA256
  
  8179cb45ba2d6df0d25f9e1f382c5b9e8b9b703e4404fa19a9002c78418dedea
- SHA512
  
  62747041187dff6b02f717bb9be71cc05b72a14ce5e92be4216230f9d385ac214423476ef4c9afe9e3c268f8460ab6058fa8087186a196cd5de34c285a403174
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan