zloader | 43f51f954f960ebc76a869e1e398f43b2b936d9f833a6b16c0ab738879af2af2 | Triage

Sharing

General

Target

3b3bf8030dbda7b4c12d965928bce68ed15341fa9d91ea4489ad3ca7aad6614d.zip
Size

80KB
Sample

210302-p82g7m28qx
MD5

19ab5cde5582cdf32d482c285a96735b
SHA1

9e5495154f0ad46ecb618ca8c5ea9977d90a65fb
SHA256

43f51f954f960ebc76a869e1e398f43b2b936d9f833a6b16c0ab738879af2af2
SHA512

ff7a6a297001db42aa3d76c9d84f3962e41e80c2de3d20f2d98cbc7ce158e44dd46bd495cdbc4d0dd216dc61fafc2353844d65f76171843aac1c510372f4ec18

Score

10^/10

zloader nut 04/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

04/02

C2

https://vidhyashram.edu.in/post.php

https://carmeta-ampuh.com/post.php

https://bestarticleblog.com/post.php

https://alahsateam.com/post.php

https://pyggroup.com.pe/post.php

https://perlisisacsiograv.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  3b3bf8030dbda7b4c12d965928bce68ed15341fa9d91ea4489ad3ca7aad6614d.dll
- Size
  
  133KB
- MD5
  
  6d72546fbb7cae443a46d6a744760f7e
- SHA1
  
  c4d715bd92f12d54c2a77e5c1ac1ef1a2d1957f5
- SHA256
  
  3b3bf8030dbda7b4c12d965928bce68ed15341fa9d91ea4489ad3ca7aad6614d
- SHA512
  
  616e77a5a3e575d04229ecf6b7419c5886e1b2a9e38ba117debb4c97a3bce0b0ad75d9e9da46b747cee62cfa5a016bfc55a1d80aad2db137f7c1f176c4169f69
Score

10^/10

zloader nut 04/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

nut04/02zloader

behavioral1

zloadernut04/02botnettrojan

behavioral2