zloader | 7b2991d5d1494b1dce30f7a7bab92db0fb5c39ec498239b91ee0c928f9b19fdb | Triage

Sharing

General

Target

34aa0bd4dc61cca23b7950282df26ce2e16a339b2895add65d46e6d317a11fe1.zip
Size

218KB
Sample

210303-9h6ml8bzyn
MD5

17c3917da3baa88bf183984035014603
SHA1

2ad57b70b04b04c0f7afde1893f9491f47c80d5c
SHA256

7b2991d5d1494b1dce30f7a7bab92db0fb5c39ec498239b91ee0c928f9b19fdb
SHA512

1d68909859a6885386744927b514c107ffb0d37e50401f226c4da483a2d7afcfe7e60117dbb89ded06b018a62dfa39c371b6f871327ea79173b7b041be50a442

Score

10^/10

zloader nut 27/11 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

27/11

C2

https://hac3r.com/wp-punch.php

https://womtools.com/wp-punch.php

https://valitec.co/wp-punch.php

https://empresascreciendobien.com/server.php

https://smartat.co/error.php

https://teamearenttopdiaty.ga/wp-smarts.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  34aa0bd4dc61cca23b7950282df26ce2e16a339b2895add65d46e6d317a11fe1.dll
- Size
  
  320KB
- MD5
  
  ce8ac0e4da0c1d4406a4a17215db37cf
- SHA1
  
  f2df1a5863044e5d6b4ab7d2a2b1ebee9f96d228
- SHA256
  
  34aa0bd4dc61cca23b7950282df26ce2e16a339b2895add65d46e6d317a11fe1
- SHA512
  
  fcfff47b9074b9013fc00acb9b4a9aee13f820e6369e78a354a3b8d545a8ebf1560f910d6a49edff53384c6e37d61a0b075eb44c6ab89267a0a532f58fbbe7f1
Score

10^/10

zloader nut 27/11 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut27/11botnettrojan

behavioral2