zloader | 6593fa326b8eb0b737a17889c50c539ac45f2f9215fdab50ffa62df1be7ec2d1 | Triage

Sharing

General

Target

s.dll
Size

1.0MB
Sample

201109-th2h7wr3zj
MD5

ff1ad63517df53adaefcbeecf71311a1
SHA1

69e3f9bbbf147d317da8bd59de3cdb3ca9043c6d
SHA256

6593fa326b8eb0b737a17889c50c539ac45f2f9215fdab50ffa62df1be7ec2d1
SHA512

f6de532a3fdb91dcfacd11442f80876037f4d6d0a382ac891ef0b03e5131596b7d3554d04d55d0d4f71a8990b2298da7bd344804f422e7cb909a981f83e7bc52

Score

10^/10

zloader miguel 14/05 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

14/05

C2

https://kickapoochiefsfootball.com/wp-parser.php

https://appsbispo.tk/wp-parser.php

http://staging4.allemny.net/wp-parser.php

https://dinghaomcc.com/wp-parser.php

https://bondarenkopjatk.ru/wp-parser.php

http://euromix.com.ua/wp-parser.php

rc4.plain

Targets

- Target
  
  s.dll
- Size
  
  1.0MB
- MD5
  
  ff1ad63517df53adaefcbeecf71311a1
- SHA1
  
  69e3f9bbbf147d317da8bd59de3cdb3ca9043c6d
- SHA256
  
  6593fa326b8eb0b737a17889c50c539ac45f2f9215fdab50ffa62df1be7ec2d1
- SHA512
  
  f6de532a3fdb91dcfacd11442f80876037f4d6d0a382ac891ef0b03e5131596b7d3554d04d55d0d4f71a8990b2298da7bd344804f422e7cb909a981f83e7bc52
Score

10^/10

zloader miguel 14/05 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermiguel14/05botnettrojan

behavioral2

zloaderbotnettrojan