Overview

overview

10

Static

static

10

zloader.dll

windows7_x64

1

zloader.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    zloader.bin

  • Size

    184KB

  • Sample

    220214-1avt4acabp

  • MD5

    6e652cd4720937ac31e113a4c6496e82

  • SHA1

    599c42dd72c1469120b64470c17efc7d0ece9910

  • SHA256

    c21fbf33fe025c03f38ce6190fd011f01a3e9c03d99acd7648845c28ccbc3777

  • SHA512

    b906150fb492d20a9263b68e700444f8014135d89c6a520c13561cf9d0fe3d83e31980c44a86db87a1671a34e298049acb35e53cffdfe0f69b9cbd96426d97ef

Score
10/10
zloaderjho25/03

Malware Config

Extracted

Family

zloader

Botnet

Jho

Campaign

25/03

C2

https://wgyvjbse.pw/milagrecf.php

https://botiq.xyz/milagrecf.php
Attributes
  • build_id

    106

rc4.plain

Targets

    • Target

      zloader.bin

    • Size

      184KB

    • MD5

      6e652cd4720937ac31e113a4c6496e82

    • SHA1

      599c42dd72c1469120b64470c17efc7d0ece9910

    • SHA256

      c21fbf33fe025c03f38ce6190fd011f01a3e9c03d99acd7648845c28ccbc3777

    • SHA512

      b906150fb492d20a9263b68e700444f8014135d89c6a520c13561cf9d0fe3d83e31980c44a86db87a1671a34e298049acb35e53cffdfe0f69b9cbd96426d97ef

    Score
    10/10

    • Suspicious use of NtCreateProcessExOtherParentProcess

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks