zloader | 889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8 | Triage

Sharing

General

Target

889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8
Size

334KB
Sample

220625-gk582aafg8
MD5

68614fa2335fb83b70f21e9a52d21564
SHA1

108dbe69275819d24db77fc168acf55eedf12889
SHA256

889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8
SHA512

6a1ead3489c7bc789b4e4e4eed665e4d1036e14191449e2604bb6ef72e6cf6345f89e494c5beeac80f15d60b9d2d08bb93298b9bd0dcdd1a9511df5a0ed9475f

Score

10^/10

zloader 27/02 botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

27/02

C2

https://soficatan.site/milagrecf.php

https://barbeyo.xyz/milagrecf.php

Attributes

build_id
70

rc4.plain

Targets

- Target
  
  889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8
- Size
  
  334KB
- MD5
  
  68614fa2335fb83b70f21e9a52d21564
- SHA1
  
  108dbe69275819d24db77fc168acf55eedf12889
- SHA256
  
  889722c569e213d506fd37d940b1056cac7b1baf981276313178d5cc429e13e8
- SHA512
  
  6a1ead3489c7bc789b4e4e4eed665e4d1036e14191449e2604bb6ef72e6cf6345f89e494c5beeac80f15d60b9d2d08bb93298b9bd0dcdd1a9511df5a0ed9475f
Score

10^/10

zloader 27/02 botnet persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloader27/02botnetpersistencetrojan

behavioral2

zloader27/02botnetpersistencetrojan