zloader | 9081546b7e05805a5496bfcee49b3c736cb55b49e467529c7d7ac60781b29880 | Triage

Sharing

General

Target

n1.bin
Size

282KB
Sample

201225-sapaaaxahj
MD5

3b0c5d532922be20ae151490e7109c60
SHA1

4c3ba395594a5117d468084330902739ca08de0e
SHA256

9081546b7e05805a5496bfcee49b3c736cb55b49e467529c7d7ac60781b29880
SHA512

6a724591ee57cbc2ce9351ac556e666040f8ba6bcd37112b960a4fc0a16b493a7b94b0e70f9efe1a1d53597ec8a0a5ef08bbfc91ef4ace776f1df0f8c1555f4e

Score

10^/10

zloader r2 r2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

r2

Campaign

r2

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  n1.bin
- Size
  
  282KB
- MD5
  
  3b0c5d532922be20ae151490e7109c60
- SHA1
  
  4c3ba395594a5117d468084330902739ca08de0e
- SHA256
  
  9081546b7e05805a5496bfcee49b3c736cb55b49e467529c7d7ac60781b29880
- SHA512
  
  6a724591ee57cbc2ce9351ac556e666040f8ba6bcd37112b960a4fc0a16b493a7b94b0e70f9efe1a1d53597ec8a0a5ef08bbfc91ef4ace776f1df0f8c1555f4e
Score

10^/10

zloader r2 r2 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderr2r2botnettrojan

behavioral2