zloader | fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab | Triage

Sharing

General

Target

zte(1).dll
Size

473KB
Sample

201109-pg6cpaqwna
MD5

13b3e008d5b8996c34a9247fbc412aa9
SHA1

6bcfb4f6385a4a78d39514763ed203ec7d4dc59f
SHA256

fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab
SHA512

ee79fcdec5d4365a4a1d43cd60245917ac3a4128149d7c9666bccad7466e46d111d2c2901988643a835e2681011319909626d7f37dc12b3b6cbd20fa5b1efe30

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  zte(1).dll
- Size
  
  473KB
- MD5
  
  13b3e008d5b8996c34a9247fbc412aa9
- SHA1
  
  6bcfb4f6385a4a78d39514763ed203ec7d4dc59f
- SHA256
  
  fa240d61efeb769d33cc081f2086ae6b65cda847a80440c82d97867fd1fbd6ab
- SHA512
  
  ee79fcdec5d4365a4a1d43cd60245917ac3a4128149d7c9666bccad7466e46d111d2c2901988643a835e2681011319909626d7f37dc12b3b6cbd20fa5b1efe30
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan