zloader | 1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c

General

Target

1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
Size

834KB
Sample

220205-xy148seeh7
MD5

9655fcc96226cc1c9b6190f154a03066
SHA1

33e65f6a0a939efe5c899bcd025609fa8b43d0bc
SHA256

1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
SHA512

26ff6450786373fa654244900ce3147c171217d64dcc814a2df49616a227e94e53b91ad08e012cc952f03873959e6d482afdd5553e9a97422f6317be37719ab9

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

23.04.2020

C2

https://coult.org/sound.php

https://tilyn.org/sound.php

https://rhald.org/sound.php

https://rutom.org/sound.php

https://chorbly.org/sound.php

https://kodray.org/sound.php

Attributes

build_id
45

rc4.plain

Targets

- Target
  
  1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
- Size
  
  834KB
- MD5
  
  9655fcc96226cc1c9b6190f154a03066
- SHA1
  
  33e65f6a0a939efe5c899bcd025609fa8b43d0bc
- SHA256
  
  1130c38b05892129ef1a97693b0d3797a45ec69fe0d95bc28e4b09e3d4dd0e9c
- SHA512
  
  26ff6450786373fa654244900ce3147c171217d64dcc814a2df49616a227e94e53b91ad08e012cc952f03873959e6d482afdd5553e9a97422f6317be37719ab9
Score

10^/10

zloader main 23.04.2020 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2