zloader | 9b00d9665a26fb8f2021ff71786f3ae0619700ec4ea41615bd14b3bc5cb33cc8 | Triage

Sharing

General

Target

c8c5815fe4a06a752e51f79332a393db1f91a8e39b67899aa996e4ca76cfa675.zip
Size

291KB
Sample

210304-s35f4j3sxe
MD5

755207b5be23502a7f27c1d135ecac6d
SHA1

5f7594dfc0261be7d4ef8323356e9eb1ff18400e
SHA256

9b00d9665a26fb8f2021ff71786f3ae0619700ec4ea41615bd14b3bc5cb33cc8
SHA512

f4cd52d6fee9862669f158b5238c77fc0f4c4a66b209407f5c9852f1c7b6566da9afbfd4ed3df97d6297002484e43421e356cbf3723b874ca2a8305daa3f490c

Score

10^/10

zloader nut 12/11 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

12/11

C2

https://tfbuildingjoinery.co.uk/robots.php

https://globalpacificproperties.com.au/terms.php

https://www.loonybinforum.com/errors.php

https://luminousintent.com.au/wp-smarts.php

https://espazioabierto.com/wp-smarts.php

https://racriporrosepo.tk/wp-smarts.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  c8c5815fe4a06a752e51f79332a393db1f91a8e39b67899aa996e4ca76cfa675.dll
- Size
  
  400KB
- MD5
  
  3cf481ccbb1019894fcbacb554f3bda1
- SHA1
  
  63c11153ab0afb36703723c5121cd0e9b48ac6e8
- SHA256
  
  c8c5815fe4a06a752e51f79332a393db1f91a8e39b67899aa996e4ca76cfa675
- SHA512
  
  628e34581b3ebc7645639f2e6da19ce15afb794cc032e99d895841eecef0bd372da27895a9485bb18630864b921c1239fa6e4904d6bd6f54ca80a220a3fe66d0
Score

10^/10

zloader nut 12/11 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut12/11botnettrojan

behavioral2

zloadernut12/11botnettrojan