zloader | 80b65c87c2af3d8e0fba7ae3901491fb0421a20ce8c33a94e578ba2a8e0fe9c4 | Triage

Resubmissions

09-01-2021 06:25

210109-x11fbv57ln 10

16-10-2020 02:45

201016-1g8jrbkdln 7

Sharing

General

Target

dusmapi7bf.exe
Size

201KB
Sample

210109-x11fbv57ln
MD5

235730a5bbd6d3c5cef4bf0c949b74e8
SHA1

e0edbe75a0fdbaff4c4467b5b2a37a281687b0b7
SHA256

80b65c87c2af3d8e0fba7ae3901491fb0421a20ce8c33a94e578ba2a8e0fe9c4
SHA512

3dc31d2c0eae9be0040cd8bb128c6f21c089f37ecbaf0ea613e4045dceb9886538b0301b1950e091b973807facb92d96586e470ed7a36c158f49082b6a48621d

Score

10^/10

zloader sg sg botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

SG

Campaign

SG

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  dusmapi7bf.exe
- Size
  
  201KB
- MD5
  
  235730a5bbd6d3c5cef4bf0c949b74e8
- SHA1
  
  e0edbe75a0fdbaff4c4467b5b2a37a281687b0b7
- SHA256
  
  80b65c87c2af3d8e0fba7ae3901491fb0421a20ce8c33a94e578ba2a8e0fe9c4
- SHA512
  
  3dc31d2c0eae9be0040cd8bb128c6f21c089f37ecbaf0ea613e4045dceb9886538b0301b1950e091b973807facb92d96586e470ed7a36c158f49082b6a48621d
Score

10^/10

zloader sg sg botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

zloadersgsgbotnettrojan