zloader | 72c24df8b7bb94c56c36a21ee311a0b525f432293fa48f54401ea19815630fef | Triage

Sharing

General

Target

72c24df8b7bb94c56c36a21ee311a0b525f432293fa48f54401ea19815630fef.bin
Size

407KB
Sample

210301-v7bjw5he3n
MD5

a25ea03dd5e175e547f1f3048e813f62
SHA1

98727b1b6826e2816f908c08b15db427c875ca53
SHA256

72c24df8b7bb94c56c36a21ee311a0b525f432293fa48f54401ea19815630fef
SHA512

a96aa1fd86fc2e7110d801832fecfad005e1fda53624f39d42a7af6363500be4ec84033a62d7214e3d99c08ef64c8f50e1c333d14b9c53d8c38f036f1cad73a9

Score

10^/10

zloader kev 09/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

09/02

C2

https://earfetti.com/post.php

https://evalynews.com/post.php

https://sanciacinfofoothe.tk/post.php

https://enriwetmiti.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  72c24df8b7bb94c56c36a21ee311a0b525f432293fa48f54401ea19815630fef.bin
- Size
  
  407KB
- MD5
  
  a25ea03dd5e175e547f1f3048e813f62
- SHA1
  
  98727b1b6826e2816f908c08b15db427c875ca53
- SHA256
  
  72c24df8b7bb94c56c36a21ee311a0b525f432293fa48f54401ea19815630fef
- SHA512
  
  a96aa1fd86fc2e7110d801832fecfad005e1fda53624f39d42a7af6363500be4ec84033a62d7214e3d99c08ef64c8f50e1c333d14b9c53d8c38f036f1cad73a9
Score

10^/10

zloader kev 09/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev09/02botnettrojan

behavioral2