zloader | ab92b7c54f6fb064001b3dadf306f85efa7344fc9efa88070bbcd91164e80af2 | Triage

Sharing

General

Target

SecuriteInfo.com.Generic.mg.900341b737237e8e.6099
Size

506KB
Sample

201109-bwx4ne32hj
MD5

900341b737237e8e241d50dbfbf11e0d
SHA1

989a6a64f162b09746a7bf36dfb238d5462aca64
SHA256

ab92b7c54f6fb064001b3dadf306f85efa7344fc9efa88070bbcd91164e80af2
SHA512

67acbf22672951cb8b975589a779879b8320b88eb9b7e7655fe076bdeb7f0dc1b7a515fe4e95510a17c4e5f7a117612ca38e7feaa6520b1237cd96a5012c9033

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Generic.mg.900341b737237e8e.6099
- Size
  
  506KB
- MD5
  
  900341b737237e8e241d50dbfbf11e0d
- SHA1
  
  989a6a64f162b09746a7bf36dfb238d5462aca64
- SHA256
  
  ab92b7c54f6fb064001b3dadf306f85efa7344fc9efa88070bbcd91164e80af2
- SHA512
  
  67acbf22672951cb8b975589a779879b8320b88eb9b7e7655fe076bdeb7f0dc1b7a515fe4e95510a17c4e5f7a117612ca38e7feaa6520b1237cd96a5012c9033
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbot5bot5botnetpersistencetrojan