zloader | ccb110232bfb55812730ce5fa2b1f1a6e56fba5c2ed593ae9c5ce0087aaf97fc | Triage

Sharing

General

Target

zxeed.dll
Size

586KB
Sample

210210-ja7bmkyt3j
MD5

c0a63eb0dc02d6bbab35b94555721ad3
SHA1

ab29a3706e4019bd21c7a487a2e4f2d292cc869b
SHA256

ccb110232bfb55812730ce5fa2b1f1a6e56fba5c2ed593ae9c5ce0087aaf97fc
SHA512

de279b0a60aacafec1d7743625e07fcadfaf892d403c562d727b89912c154aecf9e17da6d80ba847cd44d27c436514a27a5fbaec827fd0a138646a58974fb75c

Score

10^/10

zloader kiv 09/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kiv

Campaign

09/02

C2

https://earfetti.com/post.php

https://evalynews.com/post.php

https://sanciacinfofoothe.tk/post.php

https://enriwetmiti.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  zxeed.dll
- Size
  
  586KB
- MD5
  
  c0a63eb0dc02d6bbab35b94555721ad3
- SHA1
  
  ab29a3706e4019bd21c7a487a2e4f2d292cc869b
- SHA256
  
  ccb110232bfb55812730ce5fa2b1f1a6e56fba5c2ed593ae9c5ce0087aaf97fc
- SHA512
  
  de279b0a60aacafec1d7743625e07fcadfaf892d403c562d727b89912c154aecf9e17da6d80ba847cd44d27c436514a27a5fbaec827fd0a138646a58974fb75c
Score

10^/10

zloader kiv 09/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkiv09/02botnettrojan

behavioral2

zloaderkiv09/02botnettrojan