zloader | 3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf | Triage

Sharing

General

Target

3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
Size

512KB
Sample

211004-nwn78agcgl
MD5

fa9b3dfdb4b97dfe0db5991472f89399
SHA1

5677f26e926c8c8d7f7bf7eb085a9e48549a268b
SHA256

3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
SHA512

e5ac96e3ef6ee9fa110b433c1c49a7f16f4ba6694ec76e10d31848ecd4f284b6845508979758a16121a63d6c4a1af2103268d6e03fbb1c6672005090d560cc74

Score

10^/10

zloader miguel 20/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

20/04

C2

https://dcaiqjgnbt.icu/wp-config.php

https://nmttxggtb.press/wp-config.php

rc4.plain

Targets

- Target
  
  3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
- Size
  
  512KB
- MD5
  
  fa9b3dfdb4b97dfe0db5991472f89399
- SHA1
  
  5677f26e926c8c8d7f7bf7eb085a9e48549a268b
- SHA256
  
  3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
- SHA512
  
  e5ac96e3ef6ee9fa110b433c1c49a7f16f4ba6694ec76e10d31848ecd4f284b6845508979758a16121a63d6c4a1af2103268d6e03fbb1c6672005090d560cc74
Score

10^/10

zloader miguel 20/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermiguel20/04botnettrojan

behavioral2

zloadermiguel20/04botnettrojan