zloader | 92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa

General

Target

92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa
Size

472KB
Sample

220205-pzv1lsbdh2
MD5

cf3dbc7f75f6588465e7550501609550
SHA1

ab140968ca7f8c8bfb13c7c7412fbe3575f0418b
SHA256

92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa
SHA512

d2db1005e83548262c6e76fbb560feb9e8f527f5d107d68d8485558cc68ec389adbbb3008dba9293ecd49fd6a4c6273be3daac52c357eadc8343770b838df68f

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

April24misha

Campaign

April24misha

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://onfovdaqqrwbvdfoqnof.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

Attributes

build_id
122

rc4.plain

Targets

- Target
  
  92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa
- Size
  
  472KB
- MD5
  
  cf3dbc7f75f6588465e7550501609550
- SHA1
  
  ab140968ca7f8c8bfb13c7c7412fbe3575f0418b
- SHA256
  
  92f61cc6548277705585cc0c28d553093323d802a1d0d2e9fe618ebeaa6752fa
- SHA512
  
  d2db1005e83548262c6e76fbb560feb9e8f527f5d107d68d8485558cc68ec389adbbb3008dba9293ecd49fd6a4c6273be3daac52c357eadc8343770b838df68f
Score

10^/10

zloader april24misha april24misha botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2