zloader | deac9f705c6ddd2795f31b9d55ace3f3de1e20de314b0c20f1a2e90fdf259cb2 | Triage

Sharing

General

Target

yfuvqe.dll
Size

389KB
Sample

200812-2qdn69qtce
MD5

93c0cd9a47c5c28335e773c1f451f200
SHA1

0c53b71e52a382f2a920df2d80048b01616c62c4
SHA256

deac9f705c6ddd2795f31b9d55ace3f3de1e20de314b0c20f1a2e90fdf259cb2
SHA512

cf6ae7d6b2ecbb3cbfbd99c067dd7b7b94572991aee00d00fb423acce9edd234a8662e00943873dcbf0931115871356ab57191f8be3b9041a779ce2b02a39223

Score

10^/10

zloader mk1 mac2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://alesirovone.world/click.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  yfuvqe.dll
- Size
  
  389KB
- MD5
  
  93c0cd9a47c5c28335e773c1f451f200
- SHA1
  
  0c53b71e52a382f2a920df2d80048b01616c62c4
- SHA256
  
  deac9f705c6ddd2795f31b9d55ace3f3de1e20de314b0c20f1a2e90fdf259cb2
- SHA512
  
  cf6ae7d6b2ecbb3cbfbd99c067dd7b7b94572991aee00d00fb423acce9edd234a8662e00943873dcbf0931115871356ab57191f8be3b9041a779ce2b02a39223
Score

10^/10

trojan botnet zloader
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trojanbotnetzloader

behavioral2

trojanbotnetzloader