zloader | 348a213d357162a468541691850aa671bfe26a3618f2ce07ffe1cbd3c7431f2c | Triage

Sharing

General

Target

formnet.bin.zip
Size

716KB
Sample

210127-bhh7m3435j
MD5

9c18365005daeb47a7a6eee0bc04036b
SHA1

1da994ef3c5ba4d3aab64f60fd3343280d357ac9
SHA256

348a213d357162a468541691850aa671bfe26a3618f2ce07ffe1cbd3c7431f2c
SHA512

0e39333d9e0d4137524bd0e22fb643ba44610f6571a2d89d6d8754702c8f21eabee6429cf0b2bda88ab59bb36fa2946aa7f4394485865d411ccd1e508f8b1798

Score

10^/10

zloader kev 26/01 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

26/01

C2

https://gadgetswolf.com/post.php

https://homesoapmolds.com/post.php

https://govemedico.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  formnet.bin
- Size
  
  912KB
- MD5
  
  b0f3fa047f6ae39a145fd364f693638e
- SHA1
  
  1951696d8aca4a31614bb68f9da392402785e14e
- SHA256
  
  0bf22b8f9aaef21afe71fcbbea62325e7582dad410b0a537f38a9eb8e6855890
- SHA512
  
  86e4516705380617a9f48b2e1cd7d9e676439398b802eb6047cd478d4b10bf8f4ba20e019f337b01761fa247cd631ccab22851f078089c2e1c61574bca9f5b98
Score

10^/10

zloader kev 26/01 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev26/01botnettrojan

behavioral2