zloader | 3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd | Triage

Sharing

General

Target

3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
Size

364KB
Sample

220524-t7qs3shgh9
MD5

c8492a0451b8379fcf2d0134a787b79a
SHA1

5ee7bc744232d53edd327fdbd8a7a77561857738
SHA256

3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
SHA512

3e97bcf4223d3f0b3743069154a072778ce0a41af8a93ac2c4d8fe44cbce9ea9224f1d3d8886c64cb95d42a289cc3ac0ca788ad2e4316f22a55298d92498b4b5

Score

10^/10

zloader bot5 bot5 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bot5

Campaign

bot5

C2

https://militanttra.at/owg.php

Attributes

build_id
15

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
- Size
  
  364KB
- MD5
  
  c8492a0451b8379fcf2d0134a787b79a
- SHA1
  
  5ee7bc744232d53edd327fdbd8a7a77561857738
- SHA256
  
  3e2354b37dcfbcc1b0059cd1dfa87bc2fc3ad4d183a0dbc64768d1a11ee04bdd
- SHA512
  
  3e97bcf4223d3f0b3743069154a072778ce0a41af8a93ac2c4d8fe44cbce9ea9224f1d3d8886c64cb95d42a289cc3ac0ca788ad2e4316f22a55298d92498b4b5
Score

10^/10

zloader bot5 bot5 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

bot5bot5zloader

behavioral1

behavioral2

zloaderbot5bot5botnettrojan