zloader | e66c91dc125d340382e6f7f19b30d9b956d6a35cf964e3b9bd7a83d499b7cf8d | Triage

Sharing

General

Target

bbc.dll
Size

473KB
Sample

201109-tvglhnrpte
MD5

1014db604ba2bec3f3fced80ceda90e1
SHA1

15bebd79b86b9ac50250ab500d9eadf84cd87f55
SHA256

e66c91dc125d340382e6f7f19b30d9b956d6a35cf964e3b9bd7a83d499b7cf8d
SHA512

3c41ff21053ac0bbbca90439aaecbafe813753f60bdedcabe20d3f89e8c6ef4231c3236852ee81b3ae0129f583d67ee6fbaa5ae3d14d34cbab66069d154984ac

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  bbc.dll
- Size
  
  473KB
- MD5
  
  1014db604ba2bec3f3fced80ceda90e1
- SHA1
  
  15bebd79b86b9ac50250ab500d9eadf84cd87f55
- SHA256
  
  e66c91dc125d340382e6f7f19b30d9b956d6a35cf964e3b9bd7a83d499b7cf8d
- SHA512
  
  3c41ff21053ac0bbbca90439aaecbafe813753f60bdedcabe20d3f89e8c6ef4231c3236852ee81b3ae0129f583d67ee6fbaa5ae3d14d34cbab66069d154984ac
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbot5bot5botnetpersistencetrojan