zloader | 1bb0dc63d8e5a2bac97d1850455310cf4ec4a3feeef6003a2d5fdfb14d0d04d9 | Triage

Sharing

General

Target

m1n.zip
Size

169KB
Sample

201028-cwywblqhr6
MD5

68a51db91f345145175284c8a63bd4de
SHA1

6ab0b572e1c7bd24ba8103e876193755d50d16ee
SHA256

1bb0dc63d8e5a2bac97d1850455310cf4ec4a3feeef6003a2d5fdfb14d0d04d9
SHA512

48797f4d952981dcea74f420ed9103ca6b616eeed478355d0a191f2a25fae77d5548947611f3fd4ec463d2b5f431acc23f1516111427b317e49ee67778710e98

Score

10^/10

zloader r2 r2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

r2

Campaign

r2

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  m1n.exe
- Size
  
  283KB
- MD5
  
  399afac5870b698e7692fb7bb2a500eb
- SHA1
  
  635e5b168da209d1db751d492be5505aca4b1b2f
- SHA256
  
  145d0203cf0cdfec44c2a27af39fc89158db68b85b8c0b46f661389283a8284a
- SHA512
  
  4c6db836b033edcaa14eab22e461d9e509d6b14f0381bdaaaf4df5e1e49771a0619bd175476e8d80a89b62bf66efc77da51acc5a215d596dd4003ab2cce76d81
Score

10^/10

zloader r2 r2 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderr2r2botnettrojan

behavioral2

zloaderr2r2botnettrojan