zloader | 1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf | Triage

Sharing

General

Target

PSCavX9M
Size

468KB
Sample

200708-x8yy9dqx92
MD5

f5e5d82309619334c508544cd9a20e63
SHA1

9820fde0873ec93779f619973544d047a8bd8afb
SHA256

1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf
SHA512

85bb57c0eca4855db98f5dda944f2788fde758ac3992409a147fb21a334b0db06ce61e294ff528f868f1517d39e41345c315aa5ddcc7f8ccec49d161bdde00b4

Score

10^/10

zloader kev 07/07 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

07/07

C2

https://m.ultimatefitnessholiday.com/wp-parsing.php

https://netinup.it/wp-parsing.php

https://oneolimpio.tech/wp-parsing.php

https://adgersandviho.cf/wp-parsing.php

https://paraben-sticks.com/wp-parsing.php

https://tralsiwheepegangcomp.tk/wp-parsing.php

https://parceirosvendaativa.club/wp-parsing.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  PSCavX9M
- Size
  
  468KB
- MD5
  
  f5e5d82309619334c508544cd9a20e63
- SHA1
  
  9820fde0873ec93779f619973544d047a8bd8afb
- SHA256
  
  1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf
- SHA512
  
  85bb57c0eca4855db98f5dda944f2788fde758ac3992409a147fb21a334b0db06ce61e294ff528f868f1517d39e41345c315aa5ddcc7f8ccec49d161bdde00b4
Score

10^/10

trojan botnet zloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trojanbotnetzloader

behavioral2

trojanbotnetzloader