zloader | ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003 | Triage

Sharing

General

Target

ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
Size

561KB
Sample

220205-kapebaheb6
MD5

a01c8c45a9e54684ae643dd409110ac8
SHA1

2124dc39d9ba939a83fbc5782772a0e062998f92
SHA256

ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
SHA512

d277f8b95fd331811c04221abe1d85ef0cf09c07590fe7025c7e46a268ccd5f5f0768a91aa2c2f7fcf9167e703bc14c9a7a047084906710b41308e5a636aaeb2

Score

10^/10

zloader 08/04 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php

Attributes

build_id
134

rc4.plain

Targets

- Target
  
  ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
- Size
  
  561KB
- MD5
  
  a01c8c45a9e54684ae643dd409110ac8
- SHA1
  
  2124dc39d9ba939a83fbc5782772a0e062998f92
- SHA256
  
  ec0f8a5cc597e97224b6f32f462a1e97f10380c2c45ea31a89059c1d2c08a003
- SHA512
  
  d277f8b95fd331811c04221abe1d85ef0cf09c07590fe7025c7e46a268ccd5f5f0768a91aa2c2f7fcf9167e703bc14c9a7a047084906710b41308e5a636aaeb2
Score

10^/10

zloader 08/04 botnet trojan persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloader08/04botnettrojan

behavioral2