zloader | b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1 | Triage

Sharing

General

Target

Sample.bin
Size

376KB
Sample

200710-1t1c5gtkha
MD5

21d81add38d164fcf3afac2d306163d4
SHA1

f8df53445ba6cacdc63c7b9d1c666fbcf97c54f7
SHA256

b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1
SHA512

159d83e66d9521a310a87c248cce95c436d2098545c4ba041782185d40e3cef290b3a011267bf29c11e34c3ce5dde8f64d94014c55af69ec90430ce36bb59096

Score

10^/10

zloader nut 09/07 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

09/07

C2

http://draminski-retail.eu/wp-parsing.php

http://duanyong.top/wp-parsing.php

http://eternalstarculture.com/wp-parsing.php

http://gh99.cn/wp-parsing.php

https://nalighpicseracha.tk/wp-parsing.php

http://glossy.vn/wp-parsing.php

http://jiangchi.name/wp-parsing.php

https://roeslidegeralic.gq/wp-parsing.php

http://mawi.io/wp-parsing.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  Sample.bin
- Size
  
  376KB
- MD5
  
  21d81add38d164fcf3afac2d306163d4
- SHA1
  
  f8df53445ba6cacdc63c7b9d1c666fbcf97c54f7
- SHA256
  
  b8a7600b813dbd100629f8353a30592f21163319ab6229b1b46c2693483b2ae1
- SHA512
  
  159d83e66d9521a310a87c248cce95c436d2098545c4ba041782185d40e3cef290b3a011267bf29c11e34c3ce5dde8f64d94014c55af69ec90430ce36bb59096
Score

10^/10

trojan botnet zloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trojanbotnetzloader

behavioral2

trojanbotnetzloader