zloader | b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sample.bin
Size

360KB
Sample

200709-hnmb9rzswa
MD5

51e92b188d28211c9d6930ee232c311b
SHA1

f152329df180bc65ea479502346d649b973449bc
SHA256

b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d
SHA512

c0d66f831fadb76c3bf197731b58cfa535ec2d658bd3af47024b16b2986b0433ef554be37370c31eeffe06e557d17464c36271d67241018ae76fe68d4281a694

Score

10^/10

zloader nut 08/07 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

08/07

C2

https://rdaprint.in/wp-parsing.php

https://vishweshwarastrology.com/wp-parsing.php

https://statpasapipag.tk/wp-parsing.php

https://www.netinup.it/wp-parsing.php

https://www.oneolimpio.tech/wp-parsing.php

https://hanskingrypgirigolf.ml/wp-parsing.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  sample.bin
- Size
  
  360KB
- MD5
  
  51e92b188d28211c9d6930ee232c311b
- SHA1
  
  f152329df180bc65ea479502346d649b973449bc
- SHA256
  
  b715ce2fa69bc8384df1a4137b50bc30e05c0f3f557fe8608635744543b9976d
- SHA512
  
  c0d66f831fadb76c3bf197731b58cfa535ec2d658bd3af47024b16b2986b0433ef554be37370c31eeffe06e557d17464c36271d67241018ae76fe68d4281a694
Score

10^/10

trojan botnet zloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trojanbotnetzloader

behavioral2

trojanbotnetzloader