zloader | 1ebd00fea702726c0362a8ca95eab89e1c1d8ecfa313ced4f328328dd51429f0 | Triage

Sharing

General

Target

ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a.zip
Size

105KB
Sample

210304-xefjt5ydmj
MD5

08c8dc5d2fa92db3f434da90b1c47432
SHA1

4889f8685550fc7c576bc4d9f457f3fa82e4126f
SHA256

1ebd00fea702726c0362a8ca95eab89e1c1d8ecfa313ced4f328328dd51429f0
SHA512

897dfe60ddd7ba8ed7e2264c76ddae8fd17aff1832198f2510132cd84139800266c1b83b3ada69eef4b72a3f6415c08bff21f4bd57e8a4c52f4d02025eac3241

Score

10^/10

zloader 10/03 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

10/03

C2

https://dhteijwrb.host/milagrecf.php

https://aquolepp.pw/milagrecf.php

rc4.plain

Targets

- Target
  
  ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a.dll
- Size
  
  170KB
- MD5
  
  0892f2d684b734d64517348a4df16964
- SHA1
  
  b2e6c4a27dec2c67197560c8f2b82d6e119406a3
- SHA256
  
  ec602e8263aec44b7cc4fbf930e5bc9affdc8232e9dd84a86e01198a349a827a
- SHA512
  
  2bcbc000057d62fc59e8b902b91a5b4456b816cd93464e3b0b288f092336f63e4086f88734fde792b850e524c600b7d361c42c04946e4bdb5f61406e172e707f
Score

10^/10

zloader 10/03 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloader10/03botnetpersistencetrojan

behavioral2

zloaderbotnetpersistencetrojan