zloader | b692e1d04bc08c14e4c7fb450dd2d6d625ef09919abc826a3a7b59257a1bfe2d | Triage

Sharing

General

Target

gofoybuq.zip
Size

315KB
Sample

210225-wtgw58nhcs
MD5

932b4a22f924a1c56b96cac9084f9427
SHA1

b9b554c11c359bfdfc56a9944be95e5cce59ac23
SHA256

b692e1d04bc08c14e4c7fb450dd2d6d625ef09919abc826a3a7b59257a1bfe2d
SHA512

5cb049e9282ee3c9c01437a4eaf10fb040b6a691daf6025a3acb75244dde89c50384da82ec1820b1e1ea2aa7c90a868b6f8e640bdf670f369cd9e5c02db4b80b

Score

10^/10

zloader sg sg botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

SG

Campaign

SG

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  gofoybuq.exe
- Size
  
  495KB
- MD5
  
  23f46600a01ee95f55e6ff51b5e1d5cb
- SHA1
  
  e078d10aa17c7f17b4d1ac26dfcafcc881af4098
- SHA256
  
  03f38a24c51546f0945dcf5a6a7383fe5568918d37e461d062e195604d85660f
- SHA512
  
  358f205da2b67b885596fc0fa8919d5a5782c4d656fef2be92e2a0e85a1cd2f79c69d1ad71dbb54acff84dee316faddf3efaffc017b4feb39d049f498c50bcce
Score

10^/10

zloader sg sg botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadersgsgbotnettrojan

behavioral2