zloader | d397fdc436fc68456b7d3887a21965139ccc4704e145fad800ffffd14851f9a6 | Triage

Sharing

General

Target

SecuriteInfo.com.Variant.Johnnie.253352.32494.27165
Size

536KB
Sample

201109-sn1f7nvvq2
MD5

2088bda3a4d241d5b4d2769afd4f78e0
SHA1

1db36876eff5b34fb0938b40dd1718dd4dfc36f0
SHA256

d397fdc436fc68456b7d3887a21965139ccc4704e145fad800ffffd14851f9a6
SHA512

2938b3d2fccb8d949f3847d8890fe581ad892a69963426c7be6ebac470378dcea08be81e53c2ce4aac89786f8d855be9dd26e732230f6295feea45e8770dd096

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Variant.Johnnie.253352.32494.27165
- Size
  
  536KB
- MD5
  
  2088bda3a4d241d5b4d2769afd4f78e0
- SHA1
  
  1db36876eff5b34fb0938b40dd1718dd4dfc36f0
- SHA256
  
  d397fdc436fc68456b7d3887a21965139ccc4704e145fad800ffffd14851f9a6
- SHA512
  
  2938b3d2fccb8d949f3847d8890fe581ad892a69963426c7be6ebac470378dcea08be81e53c2ce4aac89786f8d855be9dd26e732230f6295feea45e8770dd096
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbot5bot5botnetpersistencetrojan