zloader | a17ba992825ec59510455e3f24acefd734472e0fcc1c223beb3d191d27ae72fa | Triage

Sharing

General

Target

c5a07a557082018c4b3526b12e681182d7e489ce22e90c2b4f68feae5f93d4d0.zip
Size

317KB
Sample

210302-atywxhg38a
MD5

45027bb21ebae0dc73cc7963925f3ec3
SHA1

ea9af2ca73d53de3948dc4f6badf8227304af2b8
SHA256

a17ba992825ec59510455e3f24acefd734472e0fcc1c223beb3d191d27ae72fa
SHA512

d98af514e39e7086c03f7a64bf2285602c92b3f36c278df936394c884b0bd0255dd41fb72db0390586630e5f25fc06373fa32c16ffe28054c289b9b0fcec3c86

Score

10^/10

zloader kev 25/01 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

25/01

C2

https://sadnan.com/post.php

https://www.isds.com.my/post.php

https://nawirifarm.co.ke/post.php

https://dev01.perdiscoo.com/post.php

https://ingenieriaoasisdebc.com/post.php

https://brinitezcresan.gq/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  c5a07a557082018c4b3526b12e681182d7e489ce22e90c2b4f68feae5f93d4d0.dll
- Size
  
  554KB
- MD5
  
  48f3bf2aad96b4893e873cf82d170f54
- SHA1
  
  ef34b6817e4142000cf512ed063fbc2beadf5be8
- SHA256
  
  c5a07a557082018c4b3526b12e681182d7e489ce22e90c2b4f68feae5f93d4d0
- SHA512
  
  1f7cf4b33257490cab2510644bb27adfec039df43c51ab9f860ebeaddc1f523d15169deb1dda32d0ce02fe19ac842c9dceabe8833df7f0a98748d18e508ccb81
Score

10^/10

zloader kev 25/01 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev25/01botnettrojan

behavioral2

zloaderkev25/01botnettrojan