zloader | 89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e | Triage

Sharing

General

Target

QsMrQht.dll
Size

390KB
Sample

201021-gcn91md7xs
MD5

eda1efdb96d94d91a2f69f92da494777
SHA1

6037c5618011853eb72a3bc1f80ff7189d8c9e98
SHA256

89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e
SHA512

b97509174535d85899f458380c28899a5f128df1e53625b39d81b9cc3767c4864538c327d17bd4b7f0c371a52fe1ae0e4f8d93f263556193cf1b79830b5d6069

Score

10^/10

zloader divader xls_s_2010 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

divader

Campaign

xls_s_2010

C2

https://kochamkkkras.ru/gate.php

https://uookqihwdid.ru/gate.php

https://iqowijsdakm.ru/gate.php

https://wiewjdmkfjn.ru/gate.php

https://dksaoidiakjd.su/gate.php

https://iweuiqjdakjd.su/gate.php

https://yuidskadjna.su/gate.php

https://olksmadnbdj.su/gate.php

https://odsakmdfnbs.su/gate.php

https://odsakjmdnhsaj.su/gate.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  QsMrQht.dll
- Size
  
  390KB
- MD5
  
  eda1efdb96d94d91a2f69f92da494777
- SHA1
  
  6037c5618011853eb72a3bc1f80ff7189d8c9e98
- SHA256
  
  89e83ef4b109f38ef1f9d8dd2ab6005426e2f24c5cf106717af3eb2bdb69c78e
- SHA512
  
  b97509174535d85899f458380c28899a5f128df1e53625b39d81b9cc3767c4864538c327d17bd4b7f0c371a52fe1ae0e4f8d93f263556193cf1b79830b5d6069
Score

10^/10

trojan botnet zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trojanbotnetzloader

behavioral2

trojanbotnetzloader