zloader | 1fb1ee793145620cc4dd10fe67473b7de1e015a3328f86581ec994738fa9e978 | Triage

Sharing

General

Target

SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.21478
Size

473KB
Sample

201109-bhnt19zdqa
MD5

b805259a36611d94b40e1c6885547c02
SHA1

85b3428feab3d1c9029190d59ed0e509848bc691
SHA256

1fb1ee793145620cc4dd10fe67473b7de1e015a3328f86581ec994738fa9e978
SHA512

a59c9c58b01e46e593aacff5b4ecce2a37947252e69fe1076217e6f8a04e0c4e6f617456f8412da26675908262377e026aeaa52a242b4736d2bb35128580a5ea

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.21478
- Size
  
  473KB
- MD5
  
  b805259a36611d94b40e1c6885547c02
- SHA1
  
  85b3428feab3d1c9029190d59ed0e509848bc691
- SHA256
  
  1fb1ee793145620cc4dd10fe67473b7de1e015a3328f86581ec994738fa9e978
- SHA512
  
  a59c9c58b01e46e593aacff5b4ecce2a37947252e69fe1076217e6f8a04e0c4e6f617456f8412da26675908262377e026aeaa52a242b4736d2bb35128580a5ea
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbot5bot5botnetpersistencetrojan