zloader | aabeeea5f503e44db8a0bc6b460f8283325b7c7d2fec030157ed7629d5db335d | Triage

Sharing

General

Target

2020-08-27-Zloader.zip
Size

315KB
Sample

201223-rwla5lxa2n
MD5

96ccb37d149063f85e97c7f018dba897
SHA1

3529d020e9c3539f5bd791be3b07e8b5a0e1f371
SHA256

aabeeea5f503e44db8a0bc6b460f8283325b7c7d2fec030157ed7629d5db335d
SHA512

fcb45d2ff9c94a0c8e348b11e92895e47e08ecb4caccb120265d5995e2d9d44c773277d7f5ccbbb71c8c8ff7fc2fe3ba8dec3230eeee5216190243d3eee6db03

Score

10^/10

zloader sg sg botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

SG

Campaign

SG

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  gofoybuq.exe
- Size
  
  495KB
- MD5
  
  23f46600a01ee95f55e6ff51b5e1d5cb
- SHA1
  
  e078d10aa17c7f17b4d1ac26dfcafcc881af4098
- SHA256
  
  03f38a24c51546f0945dcf5a6a7383fe5568918d37e461d062e195604d85660f
- SHA512
  
  358f205da2b67b885596fc0fa8919d5a5782c4d656fef2be92e2a0e85a1cd2f79c69d1ad71dbb54acff84dee316faddf3efaffc017b4feb39d049f498c50bcce
Score

10^/10

zloader sg sg botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadersgsgbotnettrojan

behavioral2