zloader | 051eccb29557de0f553ae1979aa3643e10bd2e85b4db4c6079bb09dff9f7170f | Triage

Sharing

General

Target

67773bd7bf1720493b3dd438a8d2959412dd9a4381a646d3e7278e73e18e102d.zip
Size

231KB
Sample

210302-p7y1p7qgas
MD5

5395bf0c5e9a36941ceb0ff0858d524b
SHA1

8546e4652641b46a8723c0fa4d72ebf600f214e8
SHA256

051eccb29557de0f553ae1979aa3643e10bd2e85b4db4c6079bb09dff9f7170f
SHA512

3e25fac244c9efaa1acc259d710243ecd96ee577c70109b3386944acf430c93d1b38bb7a3003c53437004bf35218c14dab39c49eb5eebf7d962d0900ddecf3df

Score

10^/10

zloader nut 01/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

01/03

C2

https://bentalks.co.ke/post.php

https://karhandlafarm.com/post.php

https://www.moinamakeup.com/post.php

https://miramaminerals.com/post.php

https://fermin.pe/post.php

https://talk2point.com/post.php

https://enpikilenlya.gq/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  67773bd7bf1720493b3dd438a8d2959412dd9a4381a646d3e7278e73e18e102d.dll
- Size
  
  336KB
- MD5
  
  2ab7d17b2b4a085364a15e473a1abf03
- SHA1
  
  c452a21329b8342f89b3fd4231202593bdc61cc9
- SHA256
  
  67773bd7bf1720493b3dd438a8d2959412dd9a4381a646d3e7278e73e18e102d
- SHA512
  
  aa7c8934aa886fb7f812c5612892ec2c515c71ee4daab70de5cafcefdd5370e4f81b254d08603b23fbf096363ec7d6aaa8757bd9d537589eac5c8fc6f97e3c53
Score

10^/10

zloader nut 01/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut01/03botnettrojan

behavioral2