zloader | 3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf | Triage

Resubmissions

17-11-2023 12:48

231117-p1qsaahd82 10

04-10-2021 11:43

211004-nvk46sgcfk 10

Sharing

General

Target

3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
Size

512KB
Sample

231117-p1qsaahd82
MD5

fa9b3dfdb4b97dfe0db5991472f89399
SHA1

5677f26e926c8c8d7f7bf7eb085a9e48549a268b
SHA256

3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
SHA512

e5ac96e3ef6ee9fa110b433c1c49a7f16f4ba6694ec76e10d31848ecd4f284b6845508979758a16121a63d6c4a1af2103268d6e03fbb1c6672005090d560cc74
SSDEEP

12288:7do6GchQc7N2h17L0/BRHdziwBAoXkW1SnyAP7:7O6G0Qc7Ne1c/BRH5JUfz

Score

10^/10

zloader miguel 20/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

miguel

Campaign

20/04

C2

https://dcaiqjgnbt.icu/wp-config.php

https://nmttxggtb.press/wp-config.php

Attributes

build_id
165

rc4.plain

Targets

- Target
  
  3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
- Size
  
  512KB
- MD5
  
  fa9b3dfdb4b97dfe0db5991472f89399
- SHA1
  
  5677f26e926c8c8d7f7bf7eb085a9e48549a268b
- SHA256
  
  3648fe001994cb9c0a6b510213c268a6bd4761a3a99f3abb2738bf84f06d11cf
- SHA512
  
  e5ac96e3ef6ee9fa110b433c1c49a7f16f4ba6694ec76e10d31848ecd4f284b6845508979758a16121a63d6c4a1af2103268d6e03fbb1c6672005090d560cc74
- SSDEEP
  
  12288:7do6GchQc7N2h17L0/BRHdziwBAoXkW1SnyAP7:7O6G0Qc7Ne1c/BRH5JUfz
Score

10^/10

zloader miguel 20/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermiguel20/04botnettrojan

behavioral2

zloadermiguel20/04botnettrojan