zloader | 67773bd7bf1720493b3dd438a8d2959412dd9a4381a646d3e7278e73e18e102d | Triage

Sharing

General

Target

H3ifYE5.dll
Size

336KB
Sample

210301-7jerpfxnzx
MD5

2ab7d17b2b4a085364a15e473a1abf03
SHA1

c452a21329b8342f89b3fd4231202593bdc61cc9
SHA256

67773bd7bf1720493b3dd438a8d2959412dd9a4381a646d3e7278e73e18e102d
SHA512

aa7c8934aa886fb7f812c5612892ec2c515c71ee4daab70de5cafcefdd5370e4f81b254d08603b23fbf096363ec7d6aaa8757bd9d537589eac5c8fc6f97e3c53

Score

10^/10

zloader nut 01/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

01/03

C2

https://bentalks.co.ke/post.php

https://karhandlafarm.com/post.php

https://www.moinamakeup.com/post.php

https://miramaminerals.com/post.php

https://fermin.pe/post.php

https://talk2point.com/post.php

https://enpikilenlya.gq/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  H3ifYE5.dll
- Size
  
  336KB
- MD5
  
  2ab7d17b2b4a085364a15e473a1abf03
- SHA1
  
  c452a21329b8342f89b3fd4231202593bdc61cc9
- SHA256
  
  67773bd7bf1720493b3dd438a8d2959412dd9a4381a646d3e7278e73e18e102d
- SHA512
  
  aa7c8934aa886fb7f812c5612892ec2c515c71ee4daab70de5cafcefdd5370e4f81b254d08603b23fbf096363ec7d6aaa8757bd9d537589eac5c8fc6f97e3c53
Score

10^/10

zloader nut 01/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut01/03botnettrojan

behavioral2