zloader | 0bf22b8f9aaef21afe71fcbbea62325e7582dad410b0a537f38a9eb8e6855890 | Triage

Sharing

General

Target

scfrd.dll
Size

912KB
Sample

210126-y1r6t2qmr6
MD5

b0f3fa047f6ae39a145fd364f693638e
SHA1

1951696d8aca4a31614bb68f9da392402785e14e
SHA256

0bf22b8f9aaef21afe71fcbbea62325e7582dad410b0a537f38a9eb8e6855890
SHA512

86e4516705380617a9f48b2e1cd7d9e676439398b802eb6047cd478d4b10bf8f4ba20e019f337b01761fa247cd631ccab22851f078089c2e1c61574bca9f5b98

Score

10^/10

zloader kev 26/01 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

26/01

C2

https://gadgetswolf.com/post.php

https://homesoapmolds.com/post.php

https://govemedico.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  scfrd.dll
- Size
  
  912KB
- MD5
  
  b0f3fa047f6ae39a145fd364f693638e
- SHA1
  
  1951696d8aca4a31614bb68f9da392402785e14e
- SHA256
  
  0bf22b8f9aaef21afe71fcbbea62325e7582dad410b0a537f38a9eb8e6855890
- SHA512
  
  86e4516705380617a9f48b2e1cd7d9e676439398b802eb6047cd478d4b10bf8f4ba20e019f337b01761fa247cd631ccab22851f078089c2e1c61574bca9f5b98
Score

10^/10

zloader kev 26/01 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev26/01botnettrojan

behavioral2