zloader | 47dd6855869ea0ad0cc43dddc110eb54f1b399dedfb337a8b88dead4914ec609 | Triage

Sharing

General

Target

EQq5Mu9U.exe
Size

440KB
Sample

201202-6crv4myx46
MD5

7784c1f0ad355b7c60213ce7a6904653
SHA1

17743db7539bd4f95ae98b335c68a6bfc8f6c74e
SHA256

47dd6855869ea0ad0cc43dddc110eb54f1b399dedfb337a8b88dead4914ec609
SHA512

50547a2b94b04bad6b4f0b6cd9437e33c983a5beca6841b5b552de9e84c1a7d7d8c3e39c5a070632f67838deddd9a2a915e1ed29124b6678f7d4ca876f089368

Score

10^/10

zloader nut 02/12 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

02/12

C2

https://www.alhasanatbooks.com/reader.php

https://aflim.org.ng/wp-punch.php

https://sardarmohammad.com/reports.php

https://erikarabelo.com.br/server.php

https://thechapelofthehealingcross.org/java.php

https://grebcanualcwilfprofal.ml/wp-smarts.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  EQq5Mu9U.exe
- Size
  
  440KB
- MD5
  
  7784c1f0ad355b7c60213ce7a6904653
- SHA1
  
  17743db7539bd4f95ae98b335c68a6bfc8f6c74e
- SHA256
  
  47dd6855869ea0ad0cc43dddc110eb54f1b399dedfb337a8b88dead4914ec609
- SHA512
  
  50547a2b94b04bad6b4f0b6cd9437e33c983a5beca6841b5b552de9e84c1a7d7d8c3e39c5a070632f67838deddd9a2a915e1ed29124b6678f7d4ca876f089368
Score

10^/10

zloader nut 02/12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blacklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut02/12botnettrojan

behavioral2

zloadernut02/12botnettrojan