zloader | ff1ff76de533d2a904dea68e2c7b27d9f346a2bddedd3ab12a9181f6dbba55b2 | Triage

Sharing

General

Target

dok.dll
Size

489KB
Sample

201109-bcpfn6lyze
MD5

555b6f428755250c3f9e031829f7b1db
SHA1

e6c85e51373e67cc8f89465ebc564de80084a3a2
SHA256

ff1ff76de533d2a904dea68e2c7b27d9f346a2bddedd3ab12a9181f6dbba55b2
SHA512

bb1753d6473ebc9091d328ffc363dd6666741c31f784273223ed498a6f4ae471558b6ac4f9aec89da2356afa7cd49326ccbc4fcdf466fd6efbcdd82388810474

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  dok.dll
- Size
  
  489KB
- MD5
  
  555b6f428755250c3f9e031829f7b1db
- SHA1
  
  e6c85e51373e67cc8f89465ebc564de80084a3a2
- SHA256
  
  ff1ff76de533d2a904dea68e2c7b27d9f346a2bddedd3ab12a9181f6dbba55b2
- SHA512
  
  bb1753d6473ebc9091d328ffc363dd6666741c31f784273223ed498a6f4ae471558b6ac4f9aec89da2356afa7cd49326ccbc4fcdf466fd6efbcdd82388810474
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan