zloader | a50844184119e66e5d3a663be6d2d57d72a6748b6ce2d11974c688c8bc40d710 | Triage

Resubmissions

02-11-2020 07:00

201102-kdx16rhl5a 10

01-11-2020 18:45

201101-xwtjyyb6hn 1

Sharing

General

Target

bd91abd60357f47d4a163df3fc27b795.exe
Size

291KB
Sample

201102-kdx16rhl5a
MD5

bd91abd60357f47d4a163df3fc27b795
SHA1

7e572733b2ef7266dfdb237c32d73919df6ae298
SHA256

a50844184119e66e5d3a663be6d2d57d72a6748b6ce2d11974c688c8bc40d710
SHA512

4ad41d25cd85d16e5bc932ee68dcb79ed4845e679e7b14f23a32f7a57fc5aa783e0cd2eb7f5b58e7c8918e81f316bcffb7c658efc1d25223576b5383df39e604

Score

10^/10

zloader r1 r1 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  bd91abd60357f47d4a163df3fc27b795.exe
- Size
  
  291KB
- MD5
  
  bd91abd60357f47d4a163df3fc27b795
- SHA1
  
  7e572733b2ef7266dfdb237c32d73919df6ae298
- SHA256
  
  a50844184119e66e5d3a663be6d2d57d72a6748b6ce2d11974c688c8bc40d710
- SHA512
  
  4ad41d25cd85d16e5bc932ee68dcb79ed4845e679e7b14f23a32f7a57fc5aa783e0cd2eb7f5b58e7c8918e81f316bcffb7c658efc1d25223576b5383df39e604
Score

10^/10

zloader r1 r1 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderr1r1botnettrojan