zloader | cb4743a2d52cd9aa3b4afd10e181789f7c3ca4fd6edf286405a8d4d8e729d4f0 | Triage

Sharing

General

Target

cb4743a2d52cd9aa3b4afd10e181789f7c3ca4fd6edf286405a8d4d8e729d4f0
Size

144KB
Sample

210223-3ksjjadacx
MD5

3d9f9cc809961ac176c40f0280ebdcd1
SHA1

658d3768336d8934f5d9f7d2c73a29278b168b99
SHA256

cb4743a2d52cd9aa3b4afd10e181789f7c3ca4fd6edf286405a8d4d8e729d4f0
SHA512

96e642e924b054580b1c033e7de9e6395f846b31036f4e45485e6b0e3741d6ff1b51b7f75ee0a365b3792d81c21bc55e6c60aabfbdb9f8f06ba53436068fac22

Score

10^/10

zloader nut 18/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

18/02

C2

https://ramkanshop.ir/post.php

https://lph786.com/post.php

https://efaschoolfarooka.com/post.php

https://forexstick.com/post.php

https://firteccom.com/post.php

https://www.psychologynewmind.com/post.php

https://dirashightapbide.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  cb4743a2d52cd9aa3b4afd10e181789f7c3ca4fd6edf286405a8d4d8e729d4f0
- Size
  
  144KB
- MD5
  
  3d9f9cc809961ac176c40f0280ebdcd1
- SHA1
  
  658d3768336d8934f5d9f7d2c73a29278b168b99
- SHA256
  
  cb4743a2d52cd9aa3b4afd10e181789f7c3ca4fd6edf286405a8d4d8e729d4f0
- SHA512
  
  96e642e924b054580b1c033e7de9e6395f846b31036f4e45485e6b0e3741d6ff1b51b7f75ee0a365b3792d81c21bc55e6c60aabfbdb9f8f06ba53436068fac22
Score

10^/10

zloader nut 18/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

nut18/02zloader

behavioral1

zloadernut18/02botnettrojan

behavioral2

zloadernut18/02botnettrojan