zloader | 9784ec7c983a246dc3f25270cc2ddfe7bdbaf7dd4c1b13dba20a0019266beed6 | Triage

Sharing

General

Target

8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2.zip
Size

245KB
Sample

210302-ahw9d2668e
MD5

a523b48d1b183b112d80bd746aa0e19e
SHA1

cf4bd491b403897d3279249e33877c7dcf5b2da4
SHA256

9784ec7c983a246dc3f25270cc2ddfe7bdbaf7dd4c1b13dba20a0019266beed6
SHA512

bd01508eff5f66b17d97c0ba589d49db5870640f01ca06d739c3253e3c365ec8df5d5ec989c731ef520b9136689c486afbb262f42add204a58b42e069e1d9ab1

Score

10^/10

zloader kev 08/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

08/02

C2

https://earfetti.com/post.php

https://evalynews.com/post.php

https://zeistatwalk.tk/post.php

https://spiraninendreamneu.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2.dll
- Size
  
  362KB
- MD5
  
  d2852a3b2a20846528cec53426fd5f9c
- SHA1
  
  1fa892f9280708e7c82e958bec516bb2b09351f3
- SHA256
  
  8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
- SHA512
  
  247fae9f2c9bdca9d7eb4f44996e7e28d2cd9b7c87ea05a15b72ecb073750c8d9199d585771366687c43d802eb474e9486bb328d2984abeb4aacee62916ca2b6
Score

10^/10

zloader kev 08/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev08/02botnettrojan

behavioral2

zloaderkev08/02botnettrojan