Overview

overview

10

Static

static

19f90b17a6...c4.dll

windows7_x64

10

19f90b17a6...c4.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4

  • Size

    634KB

  • Sample

    220205-xama6secc4

  • MD5

    c7492b61b4138459b9d45b085f3c79c0

  • SHA1

    39b0ab8064f4e0d2e06775a8ef5dbc6a279db88f

  • SHA256

    19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4

  • SHA512

    7b22e4b582ed6ff974862caed5b90cb49437e793fd10b7fcff798edb645e5b5b0dee8690e7ba5c6e7526e9e51259037ec8489d26e1b03c7639780ad27da676ed

Score
10/10
zloadermiguel08/04botnettrojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php
Attributes
  • build_id

    135

rc4.plain

Targets

    • Target

      19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4

    • Size

      634KB

    • MD5

      c7492b61b4138459b9d45b085f3c79c0

    • SHA1

      39b0ab8064f4e0d2e06775a8ef5dbc6a279db88f

    • SHA256

      19f90b17a6bcf1c80551ae576d0949d51df8b8e26437a3a8aa6d5d4d344440c4

    • SHA512

      7b22e4b582ed6ff974862caed5b90cb49437e793fd10b7fcff798edb645e5b5b0dee8690e7ba5c6e7526e9e51259037ec8489d26e1b03c7639780ad27da676ed

    Score
    10/10
    zloadermiguel08/04botnettrojan

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

      trojanbotnetzloader

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks