zloader | 9e2fa4b7f6deb04ea27330c49288b59646737eea5c37d21acc2d4433054b9e4e | Triage

Sharing

General

Target

uOUcRwG.bin
Size

536KB
Sample

201109-mtzcldpq1e
MD5

5f876d0f7e22485ed0d5b5e55d464a29
SHA1

1a6f7f166ba0cd568c3fa8bc8984940807fc8c24
SHA256

9e2fa4b7f6deb04ea27330c49288b59646737eea5c37d21acc2d4433054b9e4e
SHA512

e4356943be247753259ad9808e63bfa96b10b72c3d9f141769db3cb269f98b1a4a5b61038fd99f655bf1411ed2b06af5e5ee8a3a0d1574a3cfe57a6c4397ee76

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  uOUcRwG.bin
- Size
  
  536KB
- MD5
  
  5f876d0f7e22485ed0d5b5e55d464a29
- SHA1
  
  1a6f7f166ba0cd568c3fa8bc8984940807fc8c24
- SHA256
  
  9e2fa4b7f6deb04ea27330c49288b59646737eea5c37d21acc2d4433054b9e4e
- SHA512
  
  e4356943be247753259ad9808e63bfa96b10b72c3d9f141769db3cb269f98b1a4a5b61038fd99f655bf1411ed2b06af5e5ee8a3a0d1574a3cfe57a6c4397ee76
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan