zloader | d45d3d2fa8833b85608b6afa7b29e82675fd50e9701b0418d1c359c61829bdb1 | Triage

Sharing

General

Target

778b9b70005df81ab976c71250ebe587f0eeb017c380e69405dc86692a3a4495.zip
Size

80KB
Sample

210302-y9kr87vgl6
MD5

4a3aead1e9843a129623d9445833e6df
SHA1

a785c832443585dc28eed06e051634a43696bc73
SHA256

d45d3d2fa8833b85608b6afa7b29e82675fd50e9701b0418d1c359c61829bdb1
SHA512

8323d41d28e3975da0f3a6757fb656225d7ecca03c0a4bb9d9aa22d64e708ed11560a9f3e5f89bc7ca03ebc0f70ff056ef3858b7595fe89651ef58202ac43b23

Score

10^/10

zloader kev 26/01 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

26/01

C2

https://gadgetswolf.com/post.php

https://homesoapmolds.com/post.php

https://govemedico.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  778b9b70005df81ab976c71250ebe587f0eeb017c380e69405dc86692a3a4495.dll
- Size
  
  133KB
- MD5
  
  b2c855b1dd828feaff561c702ad1152c
- SHA1
  
  0bc01ddc1f202ec9310bba17b616cba27b01ade6
- SHA256
  
  778b9b70005df81ab976c71250ebe587f0eeb017c380e69405dc86692a3a4495
- SHA512
  
  260e0738aeca6c24762d4f9131e1998a7479ff57f3bacf4a26633fa0ba257eb72d0376bbfcab8ae72fcb5dd39cab5e98ef7678fff3de3f8748de11b5362412e4
Score

10^/10

zloader kev 26/01 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

kev26/01zloader

behavioral1

zloaderkev26/01botnettrojan

behavioral2

zloaderkev26/01botnettrojan