zloader | 18311a4e347c3d263cb3cecc686cd75322c166a6d518a83a081dc4261c69df9c | Triage

Sharing

General

Target

5c0f9c9babc640a2578b1d3e8cacb60df32a0437ef3f9383d00ed88a7cef3a62.zip
Size

200KB
Sample

210302-ycps8p2jwn
MD5

8bdb37870bf5c43d6e5585ef740f9fd2
SHA1

63f44d78dde2cdadcc166da8bf461ee6b7d7a597
SHA256

18311a4e347c3d263cb3cecc686cd75322c166a6d518a83a081dc4261c69df9c
SHA512

a3aacebb97e0ae1075423d26868714c29348d9e04d3fb8bc93f0a83122d42ba0a70a4287b42a8f9e4f907a46dabde5464fa241e28724987341244dfd5a96718f

Score

10^/10

zloader vek 22/01 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

vek

Campaign

22/01

C2

https://groceryasian.com/post.php

https://forteanhub.com/post.php

https://conssapratigdevi.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  5c0f9c9babc640a2578b1d3e8cacb60df32a0437ef3f9383d00ed88a7cef3a62.dll
- Size
  
  272KB
- MD5
  
  7cff1113d30b8e4cd51ba13f40b9d2d5
- SHA1
  
  6a0b90e9b0861cb42fecd217651d25c2e9eabf7d
- SHA256
  
  5c0f9c9babc640a2578b1d3e8cacb60df32a0437ef3f9383d00ed88a7cef3a62
- SHA512
  
  2a9420971587e2234db54a5008c9a861c337dfcbeb94698fd04a5e0481794f5cc510d81a6548bbb9f0b2a024a31d46a954768a0e8f6b0dd19cf7602a284d4862
Score

10^/10

zloader vek 22/01 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadervek22/01botnettrojan

behavioral2

zloadervek22/01botnettrojan