zloader | f93cb3cd80e276260d8d31bbd91c975749971fcb92f0aa758120e1d0d774851d | Triage

Sharing

General

Target

slk.dll
Size

647KB
Sample

201109-5jxzp7qy5e
MD5

873982df6031467ba2cbdddcc95087b2
SHA1

d9beed9380355cd36901b057d15614178c534c50
SHA256

f93cb3cd80e276260d8d31bbd91c975749971fcb92f0aa758120e1d0d774851d
SHA512

7b451cb04b0ed83a7854f50263c78da3cbf7ccb68a6ff46f625f8f7d7a13372f1769204d10f378e0f5506fc0573d2d625ec14714e9557d743a03d4522bbc6795

Score

10^/10

zloader bot5 bot5 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

Targets

- Target
  
  slk.dll
- Size
  
  647KB
- MD5
  
  873982df6031467ba2cbdddcc95087b2
- SHA1
  
  d9beed9380355cd36901b057d15614178c534c50
- SHA256
  
  f93cb3cd80e276260d8d31bbd91c975749971fcb92f0aa758120e1d0d774851d
- SHA512
  
  7b451cb04b0ed83a7854f50263c78da3cbf7ccb68a6ff46f625f8f7d7a13372f1769204d10f378e0f5506fc0573d2d625ec14714e9557d743a03d4522bbc6795
Score

10^/10

zloader bot5 bot5 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderbot5bot5botnettrojan

behavioral2

zloaderbot5bot5botnettrojan