zloader | 3e3fcbd20c7c3ab29be624b784fcee54589c78d80b97f3ffba776140b392bc19 | Triage

Sharing

General

Target

3e3fcbd20c7c3ab29be624b784fcee54589c78d80b97f3ffba776140b392bc19
Size

561KB
Sample

220205-t4lpysdehr
MD5

5379604500eac848ff6a33c97211cd7b
SHA1

5e3aa59ce244588b4fd2e1ba371c4ff0911adea3
SHA256

3e3fcbd20c7c3ab29be624b784fcee54589c78d80b97f3ffba776140b392bc19
SHA512

c8327321cf305d8079012f5984b9731ea29d7a0274e1cb0faab036c4643ca4172b367a1363b960d5cba4a708fefa947e592d480495c17d6e43016afa55475b70

Score

10^/10

zloader 08/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php

Attributes

build_id
134

rc4.plain

Targets

- Target
  
  3e3fcbd20c7c3ab29be624b784fcee54589c78d80b97f3ffba776140b392bc19
- Size
  
  561KB
- MD5
  
  5379604500eac848ff6a33c97211cd7b
- SHA1
  
  5e3aa59ce244588b4fd2e1ba371c4ff0911adea3
- SHA256
  
  3e3fcbd20c7c3ab29be624b784fcee54589c78d80b97f3ffba776140b392bc19
- SHA512
  
  c8327321cf305d8079012f5984b9731ea29d7a0274e1cb0faab036c4643ca4172b367a1363b960d5cba4a708fefa947e592d480495c17d6e43016afa55475b70
Score

10^/10

zloader 08/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloader08/04botnettrojan

behavioral2

zloader08/04botnettrojan