zloader | dffe08ed62a1fa304bba04af96dd54aee04140211093eade8548a4e667a53a42 | Triage

Sharing

General

Target

dffe08ed62a1fa304bba04af96dd54aee04140211093eade8548a4e667a53a42
Size

561KB
Sample

220205-kzdzwahgd7
MD5

0b58791eba34e73e6f778ef98be5dad8
SHA1

ee96ac3534fb8549b758458f75872ae288a58337
SHA256

dffe08ed62a1fa304bba04af96dd54aee04140211093eade8548a4e667a53a42
SHA512

48eda455107a786555886f88ee2036e40394225525b514d2d346048f1a7f73da44614b0718b49fcb112660df7de7a866436fe8b9c1592c3af16cae698f2d3f0c

Score

10^/10

zloader 08/04 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php

Attributes

build_id
134

rc4.plain

Targets

- Target
  
  dffe08ed62a1fa304bba04af96dd54aee04140211093eade8548a4e667a53a42
- Size
  
  561KB
- MD5
  
  0b58791eba34e73e6f778ef98be5dad8
- SHA1
  
  ee96ac3534fb8549b758458f75872ae288a58337
- SHA256
  
  dffe08ed62a1fa304bba04af96dd54aee04140211093eade8548a4e667a53a42
- SHA512
  
  48eda455107a786555886f88ee2036e40394225525b514d2d346048f1a7f73da44614b0718b49fcb112660df7de7a866436fe8b9c1592c3af16cae698f2d3f0c
Score

10^/10

zloader 08/04 botnet trojan persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Sets service image path in registry
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

zloader08/04botnettrojan

behavioral2

zloader08/04botnetpersistencetrojan