General

  • Target

    2020-11-27-ZLoader-DLL-example-01.bin

  • Size

    262KB

  • Sample

    201127-hznbnpvyaj

  • MD5

    4a64b13ff53aebbab00504f6655ba846

  • SHA1

    7e75f220f6c9e6be9abd0def54f7d9957540598c

  • SHA256

    66ec83aa3631d71cba16fd34d1c0b8669009418a92ba683b8a348cd130150b5b

  • SHA512

    9ab869872466866f2bade4fe40cc50bfbd1a3475834d8be1719f2d6ec4b61b0e1848021c0a9444e20e2d0097d46c0e2cc25bf90e25802ad96dc02f84d394735e

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

27/11

C2

https://hac3r.com/wp-punch.php

https://womtools.com/wp-punch.php

https://valitec.co/wp-punch.php

https://empresascreciendobien.com/server.php

https://smartat.co/error.php

https://teamearenttopdiaty.ga/wp-smarts.php

rc4.plain
rsa_pubkey.plain

Targets

    • Target

      2020-11-27-ZLoader-DLL-example-01.bin

    • Size

      262KB

    • MD5

      4a64b13ff53aebbab00504f6655ba846

    • SHA1

      7e75f220f6c9e6be9abd0def54f7d9957540598c

    • SHA256

      66ec83aa3631d71cba16fd34d1c0b8669009418a92ba683b8a348cd130150b5b

    • SHA512

      9ab869872466866f2bade4fe40cc50bfbd1a3475834d8be1719f2d6ec4b61b0e1848021c0a9444e20e2d0097d46c0e2cc25bf90e25802ad96dc02f84d394735e

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Blacklisted process makes network request

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks