zloader | 19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4 | Triage

Sharing

General

Target

19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
Size

634KB
Sample

220205-xama6secc4
MD5

c7492b61b4138459b9d45b085f3c79c0
SHA1

39b0ab8064f4e0d2e06775a8ef5dbc6a279db88f
SHA256

19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
SHA512

7b22e4b582ed6ff974862caed5b90cb49437e793fd10b7fcff798edb645e5b5b0dee8690e7ba5c6e7526e9e51259037ec8489d26e1b03c7639780ad27da676ed

Score

10^/10

zloader miguel 08/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php

Attributes

build_id
135

rc4.plain

Targets

- Target
  
  19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
- Size
  
  634KB
- MD5
  
  c7492b61b4138459b9d45b085f3c79c0
- SHA1
  
  39b0ab8064f4e0d2e06775a8ef5dbc6a279db88f
- SHA256
  
  19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4
- SHA512
  
  7b22e4b582ed6ff974862caed5b90cb49437e793fd10b7fcff798edb645e5b5b0dee8690e7ba5c6e7526e9e51259037ec8489d26e1b03c7639780ad27da676ed
Score

10^/10

zloader miguel 08/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloadermiguel08/04botnettrojan

behavioral2

zloadermiguel08/04botnettrojan