zloader | ec9668cae1c65020021d2c633b68286944f1e6b1ddf5183d40ef823607e29cba | Triage

Sharing

General

Target

zloader 2_1.1.19.0.vir
Size

280KB
Sample

200719-scqhlzv4cx
MD5

06cbf262293eb6689ce5d2e61c494f7a
SHA1

46ddf35b6ad2596d0fc666701fac599bc1f7b534
SHA256

ec9668cae1c65020021d2c633b68286944f1e6b1ddf5183d40ef823607e29cba
SHA512

375bf59d11e89955315deb1b2d36d16776dbbde2c5cab5ca2fe0d5f049aa30bac00643222a200126eb9a93a5e66e13b8ec39e29c2abbc356db8d301f1bb0768a

Score

10^/10

zloader 10/03 https://dhteijwrb.host/milagrecf.php botnet persistence trojan

Malware Config

Extracted

Family

zloader

Botnet

10/03

Campaign

https://dhteijwrb.host/milagrecf.php

C2

https://aquolepp.pw/milagrecf.php

rc4.plain

Targets

- Target
  
  zloader 2_1.1.19.0.vir
- Size
  
  280KB
- MD5
  
  06cbf262293eb6689ce5d2e61c494f7a
- SHA1
  
  46ddf35b6ad2596d0fc666701fac599bc1f7b534
- SHA256
  
  ec9668cae1c65020021d2c633b68286944f1e6b1ddf5183d40ef823607e29cba
- SHA512
  
  375bf59d11e89955315deb1b2d36d16776dbbde2c5cab5ca2fe0d5f049aa30bac00643222a200126eb9a93a5e66e13b8ec39e29c2abbc356db8d301f1bb0768a
Score

10^/10

trojan botnet zloader persistence
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanbotnetzloaderpersistence

behavioral2

trojanbotnetzloaderpersistence