Overview

overview

10

Static

static

c0b72720ea...1b.dll

windows7_x64

10

c0b72720ea...1b.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c0b72720ea048f69d5b11be9b0588952b5c5769fbabada15366d4b2eb4e72e1b

  • Size

    561KB

  • Sample

    220205-mnfqfaaffl

  • MD5

    d4685d647bdb784b300ba11cee5dff33

  • SHA1

    64abd988fe2fcb7f4dd47fde166d580b1ca08224

  • SHA256

    c0b72720ea048f69d5b11be9b0588952b5c5769fbabada15366d4b2eb4e72e1b

  • SHA512

    7df9383d8bd5caec3c3fa690f8e3a0106854f527995dc9b9d6f8320eb023b4523af3aca0f4458d8b67e30e4b86eef709c146b99843ee1eba60566a84c9928f4b

Score
10/10
zloader08/04botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php
Attributes
  • build_id

    134

rc4.plain

Targets

    • Target

      c0b72720ea048f69d5b11be9b0588952b5c5769fbabada15366d4b2eb4e72e1b

    • Size

      561KB

    • MD5

      d4685d647bdb784b300ba11cee5dff33

    • SHA1

      64abd988fe2fcb7f4dd47fde166d580b1ca08224

    • SHA256

      c0b72720ea048f69d5b11be9b0588952b5c5769fbabada15366d4b2eb4e72e1b

    • SHA512

      7df9383d8bd5caec3c3fa690f8e3a0106854f527995dc9b9d6f8320eb023b4523af3aca0f4458d8b67e30e4b86eef709c146b99843ee1eba60566a84c9928f4b

    Score
    10/10
    zloader08/04botnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks