zloader | 9d30faba964d269e873d001b4cdc77674b3e7da67d8a4666cb5b532d15b79a6f | Triage

Sharing

General

Target

22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017.zip
Size

283KB
Sample

210302-e5dt73764x
MD5

80d7c2557059068e4f9f24a5037d10ec
SHA1

8ccdbaaec84cb01a2a3f885b65a04548d43cf013
SHA256

9d30faba964d269e873d001b4cdc77674b3e7da67d8a4666cb5b532d15b79a6f
SHA512

77f66512590e8555ada1f9f44f4298a1345daeda40cc8ad32d55b333dc7d5636fee5c0e78f40b413398c2935b92c8c335632b220e9b8144785018668f2b61c77

Score

10^/10

zloader nut 22/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

22/02

C2

https://sanfilippowholesale.ca/post.php

https://veprotech.com/post.php

https://globalgroots.com/post.php

https://silicontradewind.com/post.php

https://dhyanalingagranites.in/post.php

https://onushondhanbarta.com/post.php

https://avcity.in/post.php

https://docapiridelli.ml/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017.dll
- Size
  
  368KB
- MD5
  
  4bf3af70dcbddb2176b0bf611a8f945c
- SHA1
  
  59bbd8de9de9f891adb73b4c5711cfb7a3073fa5
- SHA256
  
  22a0ceb74f566484220466e975d4fa835f4edf6279f9426f36498d8aa3337017
- SHA512
  
  ff2f75d15d5bfffb2a5cae30e231d2fc1c33adc9fc4b771e1eb5587d4761ebdc2afff3618f218ffa7c020b11f264217916acb2c6114a5752c53dda13af89134f
Score

10^/10

zloader nut 22/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut22/02botnettrojan

behavioral2