zloader | cafda1824f1e8bb323004bb1bc12d6b34312c34df1ce967568c8fffeec7871b4 | Triage

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKDZ.67644.486.11817
Size

489KB
Sample

201109-ydwwbatpsn
MD5

60d45d6e7a7d38dc5e9d0a778144cfcf
SHA1

15a1f24bccaff31ba1ad3d370f43b6c30736b982
SHA256

cafda1824f1e8bb323004bb1bc12d6b34312c34df1ce967568c8fffeec7871b4
SHA512

a2b5fe48d33fbefa6d9e1104a629925be525fc76a827e367aeac8bfcdb60e91725e1da017e0883838cffd6af1458c7520ef781fb1febb9ff672ccac4cbb44c56

Score

10^/10

zloader bot5 bot5 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKDZ.67644.486.11817
- Size
  
  489KB
- MD5
  
  60d45d6e7a7d38dc5e9d0a778144cfcf
- SHA1
  
  15a1f24bccaff31ba1ad3d370f43b6c30736b982
- SHA256
  
  cafda1824f1e8bb323004bb1bc12d6b34312c34df1ce967568c8fffeec7871b4
- SHA512
  
  a2b5fe48d33fbefa6d9e1104a629925be525fc76a827e367aeac8bfcdb60e91725e1da017e0883838cffd6af1458c7520ef781fb1febb9ff672ccac4cbb44c56
Score

10^/10

zloader bot5 bot5 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderbot5bot5botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan