zloader | d9e22bc57b8c36650950d471c47869814e215ed7b92f5a6095b38b411dbf6ce4 | Triage

Sharing

General

Target

0SEND4.txt.bin
Size

798KB
Sample

210217-v6259943f6
MD5

4746a10f3884b8c1855b865adab64038
SHA1

3caa423388eb1314499d27574251365ec5c25e64
SHA256

d9e22bc57b8c36650950d471c47869814e215ed7b92f5a6095b38b411dbf6ce4
SHA512

8b5b56860cf87c969fb9734aa14d8201a2a48a05ceba1416e9b72f49bf4ea988e2c958a8291b95baac2d1d524c96b9c8fa7e6192b2f9211692e62e75d39517b7

Score

10^/10

zloader kev 17/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

17/02

C2

https://laddyfabs.com/post.php

https://lossvalue.com/post.php

https://despsysgiagrazarin.tk/post.php

https://vestvasori.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  0SEND4.txt.bin
- Size
  
  798KB
- MD5
  
  4746a10f3884b8c1855b865adab64038
- SHA1
  
  3caa423388eb1314499d27574251365ec5c25e64
- SHA256
  
  d9e22bc57b8c36650950d471c47869814e215ed7b92f5a6095b38b411dbf6ce4
- SHA512
  
  8b5b56860cf87c969fb9734aa14d8201a2a48a05ceba1416e9b72f49bf4ea988e2c958a8291b95baac2d1d524c96b9c8fa7e6192b2f9211692e62e75d39517b7
Score

10^/10

zloader kev 17/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev17/02botnettrojan

behavioral2