zloader | 0889271c721391d625a19391275f0e6bf244a5548a1a6eb673c6e16a48e960e1 | Triage

Sharing

General

Target

0889271c721391d625a19391275f0e6bf244a5548a1a6eb673c6e16a48e960e1
Size

170KB
Sample

241018-de7ccsshnc
MD5

7339d426a3968dbfcd9f1f6043f2d91f
SHA1

af40aa784ab77899200410ea45809cac3db909a0
SHA256

0889271c721391d625a19391275f0e6bf244a5548a1a6eb673c6e16a48e960e1
SHA512

04ec77928e5a4b62bf75a4613ba105e43a2a58458cb8d07a32055014987b14f0c8b5e72d48ca664c5efbc34270b549a9ca08e7b36487a6c574feacc920b83bfa
SSDEEP

3072:CM6/5WHoRkeQilLJWs+XSpo66ftDdgf6Q7e7Ca4vR1ECBLMK9pb6r9BhMTvPhbQn:kYHriRJeeo6st9Ae7HI1iKHUnudrW

Score

10^/10

zloader 10/03 botnet discovery persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

10/03

C2

https://dhteijwrb.host/milagrecf.php

https://aquolepp.pw/milagrecf.php

Attributes

build_id
83

rc4.plain

Targets

- Target
  
  0889271c721391d625a19391275f0e6bf244a5548a1a6eb673c6e16a48e960e1
- Size
  
  170KB
- MD5
  
  7339d426a3968dbfcd9f1f6043f2d91f
- SHA1
  
  af40aa784ab77899200410ea45809cac3db909a0
- SHA256
  
  0889271c721391d625a19391275f0e6bf244a5548a1a6eb673c6e16a48e960e1
- SHA512
  
  04ec77928e5a4b62bf75a4613ba105e43a2a58458cb8d07a32055014987b14f0c8b5e72d48ca664c5efbc34270b549a9ca08e7b36487a6c574feacc920b83bfa
- SSDEEP
  
  3072:CM6/5WHoRkeQilLJWs+XSpo66ftDdgf6Q7e7Ca4vR1ECBLMK9pb6r9BhMTvPhbQn:kYHriRJeeo6st9Ae7HI1iKHUnudrW
Score

10^/10

zloader 10/03 botnet discovery persistence trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

zloader10/03botnetdiscoverypersistencetrojan

behavioral2

zloaderbotnetdiscoverypersistencetrojan