zloader | 9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429 | Triage

Sharing

General

Target

bbc.dll
Size

473KB
Sample

201109-6dgl26y4lj
MD5

270b9afd39da9c6592da446a195bf0ef
SHA1

125207cb6681e3940f5ac6e1514a70d8a9a467a9
SHA256

9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
SHA512

e58fbb08b76361f37d09eb5721c54fd6b05fcde5073e33dd01631bf137e0dc9d4ea334c53dd2f7aae86ea75b231dcafea03f3bb3c5ba0dc12e12a99787dad22f

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  bbc.dll
- Size
  
  473KB
- MD5
  
  270b9afd39da9c6592da446a195bf0ef
- SHA1
  
  125207cb6681e3940f5ac6e1514a70d8a9a467a9
- SHA256
  
  9ce2908edf0994f493926514628054634858340fb73f219c38c013f34dd9a429
- SHA512
  
  e58fbb08b76361f37d09eb5721c54fd6b05fcde5073e33dd01631bf137e0dc9d4ea334c53dd2f7aae86ea75b231dcafea03f3bb3c5ba0dc12e12a99787dad22f
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbot5bot5botnetpersistencetrojan