zloader | f9604372c577e72a1560e02bede724a35e0f011406fe19f409083a59867850ac | Triage

Sharing

General

Target

gbs.dll
Size

490KB
Sample

201109-4r7rt42xd2
MD5

7e6b567873d7922bb8e168e56fdc8f17
SHA1

e5204f9a8a106b8e1c931c32226d1904dd0b4fda
SHA256

f9604372c577e72a1560e02bede724a35e0f011406fe19f409083a59867850ac
SHA512

635fa8c1e723b6fa0adb0043e9d0949990801e6f839ba740fa074db534a5c04cf484eeacf4dc4caa7df01232dcece7cf46e780332e91b2bf126f37f3c0cda3ed

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  gbs.dll
- Size
  
  490KB
- MD5
  
  7e6b567873d7922bb8e168e56fdc8f17
- SHA1
  
  e5204f9a8a106b8e1c931c32226d1904dd0b4fda
- SHA256
  
  f9604372c577e72a1560e02bede724a35e0f011406fe19f409083a59867850ac
- SHA512
  
  635fa8c1e723b6fa0adb0043e9d0949990801e6f839ba740fa074db534a5c04cf484eeacf4dc4caa7df01232dcece7cf46e780332e91b2bf126f37f3c0cda3ed
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan