zloader | 7d5ef8e6c5738ebc13718eee67f0b6cc354f3e28b135e4a378f69d57043299b8 | Triage

Resubmissions

04-03-2021 12:41

210304-8d8tebnpxe 10

12-05-2020 16:47

200512-91qxgeb7d6 10

Sharing

General

Target

2.dll
Size

797KB
Sample

210304-8d8tebnpxe
MD5

3188d2f01ddf123f02b626c390886f66
SHA1

f342f7b0b49526047ef80e8fa916ea4c7afefacd
SHA256

7d5ef8e6c5738ebc13718eee67f0b6cc354f3e28b135e4a378f69d57043299b8
SHA512

ebcb8ccf28c76eee2ee683259af0c05088a2e0b862da35707037c2eb4c28b4c70cc7ae31e377893978a9c2f28a0fa6a3e738d9ba8700857b3f7184592be5d7b3

Score

10^/10

zloader 12/05 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

12/05

C2

https://japanjisho.info/wp-parser.php

https://home.comegico.com.mx/wp-parser.php

https://hormonas.comegico.com.mx/wp-parser.php

https://hopime.com/wp-parser.php

https://gavrelets.ru/wp-parser.php

rc4.plain

Targets

- Target
  
  2.dll
- Size
  
  797KB
- MD5
  
  3188d2f01ddf123f02b626c390886f66
- SHA1
  
  f342f7b0b49526047ef80e8fa916ea4c7afefacd
- SHA256
  
  7d5ef8e6c5738ebc13718eee67f0b6cc354f3e28b135e4a378f69d57043299b8
- SHA512
  
  ebcb8ccf28c76eee2ee683259af0c05088a2e0b862da35707037c2eb4c28b4c70cc7ae31e377893978a9c2f28a0fa6a3e738d9ba8700857b3f7184592be5d7b3
Score

10^/10

zloader 12/05 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloader12/05botnettrojan

behavioral2

zloaderbotnettrojan