zloader | 68438f6f427ae6d0a789715874296bad56eb46248e498e4ccd21bac412c2b142 | Triage

Sharing

General

Target

5cb7f1eb5a3bc9d05896b7691f88b58c029580b5f24d2726706c680b710f0b94.zip
Size

113KB
Sample

210304-q5fqb4gvja
MD5

a9c39c250146af72962ae0e1bf0b5621
SHA1

5be7d87172d1e444617fb18920205ca09fd715e5
SHA256

68438f6f427ae6d0a789715874296bad56eb46248e498e4ccd21bac412c2b142
SHA512

0cd798ace3fc8667e7ca41b57bcc7c65a32df7eb2a4fc270dd9c5d37401e6e51ebab63f89d2c61c28e4fe7c167d1a69e9de79635b31f1207dcbee69af0ac8212

Score

10^/10

zloader miguel 20/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

20/04

C2

https://dcaiqjgnbt.icu/wp-config.php

https://nmttxggtb.press/wp-config.php

rc4.plain

Targets

- Target
  
  5cb7f1eb5a3bc9d05896b7691f88b58c029580b5f24d2726706c680b710f0b94.dll
- Size
  
  187KB
- MD5
  
  333a0ed230fa3bb26e7a432783b19cb5
- SHA1
  
  b0ac79853c713283ee34bb31940b2d2954f6f223
- SHA256
  
  5cb7f1eb5a3bc9d05896b7691f88b58c029580b5f24d2726706c680b710f0b94
- SHA512
  
  d0c30d67c42b4b610fa882fdff05059857735269b3623fbb92ea57438ccb08b914c6a0de4c5cf343aeb1d02914231a3c097beb02daa03d2d59bc42293305060b
Score

10^/10

zloader miguel 20/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

miguel20/04zloader

behavioral1

zloadermiguel20/04botnettrojan

behavioral2

zloaderbotnettrojan