zloader | 317e3033c5a83dcba60304cbb8ffcd30c40c0bb710fff784bd9e7189fffff15d | Triage

Sharing

General

Target

35466f0c22f220890b932e59f9a21032712e8260343d13ad4c0d9560db3b638f.zip
Size

282KB
Sample

210302-8n9hgwt6px
MD5

a375705cf648a898e779454c69636d47
SHA1

19f3fb8814c9f39558a04fb554f5030a6f1c8e9f
SHA256

317e3033c5a83dcba60304cbb8ffcd30c40c0bb710fff784bd9e7189fffff15d
SHA512

863d22d20cc7b02241804e95705e54a9e9b4d3d09a5dabc67fdda13cc1c4000869b8b59b91f0cb6b1fca3c13659d7cd15985cf500f2798663b035c381809e1e1

Score

10^/10

zloader nut 08/12 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

08/12

C2

https://nature4health.id/wp-punch.php

https://maschuquisaca.tk/wp-punch.php

https://serproimsas.com/wp-punch.php

https://agrospas.co.rs/wp-punch.php

https://fnxcrypto.com/server.php

https://lywakelireal.ga/wp-smarts.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  35466f0c22f220890b932e59f9a21032712e8260343d13ad4c0d9560db3b638f.dll
- Size
  
  367KB
- MD5
  
  b8486dcef44c59a2652378724ef2a995
- SHA1
  
  1a71166669aa8810474fcb6700851175c643bd30
- SHA256
  
  35466f0c22f220890b932e59f9a21032712e8260343d13ad4c0d9560db3b638f
- SHA512
  
  70da95fda92ff4e1f4157a747e50dc311cf1e3add4b4a3fd8da6c2c752b5fa7b6572f860d069630792804d0a45479e84dee86be0129994fa5ef3a83657fd003e
Score

10^/10

zloader nut 08/12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut08/12botnettrojan

behavioral2

zloadernut08/12botnettrojan