zloader | 079084e7c1bf1718ae6b10b285da7ed27cb4a48203846b60cecfbec502b666be | Triage

Sharing

General

Target

079084e7c1bf1718ae6b10b285da7ed27cb4a48203846b60cecfbec502b666be
Size

476KB
Sample

211213-kxvvlseedm
MD5

cc00b3639732518c892f67f5e662c134
SHA1

d8ef7b39e9263ee7118ecf427a793cf8909b2e70
SHA256

079084e7c1bf1718ae6b10b285da7ed27cb4a48203846b60cecfbec502b666be
SHA512

c6b0cf40120fb3d0cacba51209e219317f18e62d342913ef644ca21ec574424869760378e944f2db5891b3b3d637d7f4a6118cea7756ae3daaa18a04e7e7b91f

Score

10^/10

zloader jho 25/03 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

Jho

Campaign

25/03

C2

https://wgyvjbse.pw/milagrecf.php

https://botiq.xyz/milagrecf.php

Attributes

build_id
106

rc4.plain

Targets

- Target
  
  079084e7c1bf1718ae6b10b285da7ed27cb4a48203846b60cecfbec502b666be
- Size
  
  476KB
- MD5
  
  cc00b3639732518c892f67f5e662c134
- SHA1
  
  d8ef7b39e9263ee7118ecf427a793cf8909b2e70
- SHA256
  
  079084e7c1bf1718ae6b10b285da7ed27cb4a48203846b60cecfbec502b666be
- SHA512
  
  c6b0cf40120fb3d0cacba51209e219317f18e62d342913ef644ca21ec574424869760378e944f2db5891b3b3d637d7f4a6118cea7756ae3daaa18a04e7e7b91f
Score

10^/10

zloader jho 25/03 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloaderjho25/03botnetpersistencetrojan

behavioral2

zloaderjho25/03botnettrojan