zloader | bf98283002b88ad478a18eabbc356dd1c4c4a03d716b408b06610ee2a380eae1 | Triage

Sharing

General

Target

d294955e1962a7342f6706facfbc735b8d84e94bf1de9ed0d7aa87bfc838f1f8.zip
Size

105KB
Sample

210304-7l1vajp276
MD5

f5369c64e90755f94cba233dd1854df1
SHA1

6b0cf85a3588041b00c471b03042467a8748ae88
SHA256

bf98283002b88ad478a18eabbc356dd1c4c4a03d716b408b06610ee2a380eae1
SHA512

3d6010f64bab8c01a069afa1354944ea66342548ab560b6ae38949fc04423f5a0bfd0f1582f832f1cec71b02b78d1b84dabfdffae7c2b7594634cceb1bfc664c

Score

10^/10

zloader 10/03 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

10/03

C2

https://dhteijwrb.host/milagrecf.php

https://aquolepp.pw/milagrecf.php

rc4.plain

Targets

- Target
  
  d294955e1962a7342f6706facfbc735b8d84e94bf1de9ed0d7aa87bfc838f1f8.dll
- Size
  
  192KB
- MD5
  
  973392c2fd7228262e52becf3bfe2051
- SHA1
  
  d309f4073f2a3244e71013996b8ea8e6fcc7b16f
- SHA256
  
  d294955e1962a7342f6706facfbc735b8d84e94bf1de9ed0d7aa87bfc838f1f8
- SHA512
  
  58bbbbac404e2aa70c7c3dd65c3cf7356387a6632874b3e3ba896f0c18396dc3db1232d13fd2456e3ec4c138b4a2e90b45e2c6964d9b177415e2068f5d340ff7
Score

10^/10

zloader 10/03 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

zloader10/03botnetpersistencetrojan