zloader | 096dda9c010522a17fbdbfda2caa8b3a3d88aecafd0287df082f2ca30fcc0e8a | Triage

Sharing

General

Target

096dda9c010522a17fbdbfda2caa8b3a3d88aecafd0287df082f2ca30fcc0e8a
Size

561KB
Sample

220205-yg6h3afaaq
MD5

e4e774e20da79849080fdf2496d99b74
SHA1

82dd2256410720084bdddd8b53c910149861f644
SHA256

096dda9c010522a17fbdbfda2caa8b3a3d88aecafd0287df082f2ca30fcc0e8a
SHA512

3697288d7ecddca6629e53fb88af0e8f147bd67b7385de588da3ecbf0b1cbc7cecabb2e1614c36a042d6b123551e2cd15646dfdca257aabebcb8788c768459c3

Score

10^/10

zloader 08/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

08/04

C2

https://kuaxbdkvbbmivbxkrrev.com/wp-config.php

https://hwbblyyrb.pw/wp-config.php

Attributes

build_id
134

rc4.plain

Targets

- Target
  
  096dda9c010522a17fbdbfda2caa8b3a3d88aecafd0287df082f2ca30fcc0e8a
- Size
  
  561KB
- MD5
  
  e4e774e20da79849080fdf2496d99b74
- SHA1
  
  82dd2256410720084bdddd8b53c910149861f644
- SHA256
  
  096dda9c010522a17fbdbfda2caa8b3a3d88aecafd0287df082f2ca30fcc0e8a
- SHA512
  
  3697288d7ecddca6629e53fb88af0e8f147bd67b7385de588da3ecbf0b1cbc7cecabb2e1614c36a042d6b123551e2cd15646dfdca257aabebcb8788c768459c3
Score

10^/10

zloader 08/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloader08/04botnettrojan

behavioral2