zloader | 9a1f819c2b9de04e314248f10234c8bcb0ccfebbb6edf3e3edd1cd38450da4b5 | Triage

Sharing

General

Target

IGzSPlI.dll
Size

499KB
Sample

210304-e78fza7e1e
MD5

90361067f5a67c2f5d5bc552a51f2a5e
SHA1

91c3fb6c603d41e39c60c8e429c4151db94d8d83
SHA256

9a1f819c2b9de04e314248f10234c8bcb0ccfebbb6edf3e3edd1cd38450da4b5
SHA512

2b7ebeaec463b959511b9f79759070c537d0f105de8c747f2e5bd2e8070d2ba71a8607b497feed346ed7b9694bdb0f0ba2b0937eb03a9b46e7a8f48542343e5f

Score

10^/10

zloader bot5 bot5 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

rc4.plain

Targets

- Target
  
  IGzSPlI.dll
- Size
  
  499KB
- MD5
  
  90361067f5a67c2f5d5bc552a51f2a5e
- SHA1
  
  91c3fb6c603d41e39c60c8e429c4151db94d8d83
- SHA256
  
  9a1f819c2b9de04e314248f10234c8bcb0ccfebbb6edf3e3edd1cd38450da4b5
- SHA512
  
  2b7ebeaec463b959511b9f79759070c537d0f105de8c747f2e5bd2e8070d2ba71a8607b497feed346ed7b9694bdb0f0ba2b0937eb03a9b46e7a8f48542343e5f
Score

10^/10

zloader bot5 bot5 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderbot5bot5botnettrojan

behavioral2

zloaderbot5bot5botnettrojan