zloader | 6348bded936831629494c1d820fe8e3dbe3fb4d9f96940bbb4ca0c1872bef0ad | Triage

Resubmissions

14-04-2022 02:16

220414-cp91kagbem 10

04-10-2021 22:37

211004-2jzp3shcgp 10

Sharing

General

Target

tmp
Size

444KB
Sample

220414-cp91kagbem
MD5

c6b350b0d6f8dc37c144f76a57c9dbe7
SHA1

e637d8a29d46281a5fa97d84af1dfe1d72223157
SHA256

6348bded936831629494c1d820fe8e3dbe3fb4d9f96940bbb4ca0c1872bef0ad
SHA512

5220ff154b731a8a1d1e768552fee037cacb12412eff931384c105d4caa5483da64c11b4839ab44885214d4d8831b280687b54b2438f89a230fce68bf7692dff

Score

10^/10

zloader 26/03 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

26/03

C2

https://vfgthujbxd.xyz/milagrecf.php

https://todiks.xyz/milagrecf.php

Attributes

build_id
108

rc4.plain

Targets

- Target
  
  tmp
- Size
  
  444KB
- MD5
  
  c6b350b0d6f8dc37c144f76a57c9dbe7
- SHA1
  
  e637d8a29d46281a5fa97d84af1dfe1d72223157
- SHA256
  
  6348bded936831629494c1d820fe8e3dbe3fb4d9f96940bbb4ca0c1872bef0ad
- SHA512
  
  5220ff154b731a8a1d1e768552fee037cacb12412eff931384c105d4caa5483da64c11b4839ab44885214d4d8831b280687b54b2438f89a230fce68bf7692dff
Score

10^/10

zloader 26/03 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloader26/03botnetpersistencetrojan

behavioral2

zloader26/03botnetpersistencetrojan