zloader | 0d5cc8c23f947379e847033dbe1cc4ecc5d5d5f54b56a73d9833d40154e9cd23 | Triage

Sharing

General

Target

434c89ee9f413c1455992b6a9b0c67b6.dll
Size

688KB
Sample

210324-baxg6mmp32
MD5

434c89ee9f413c1455992b6a9b0c67b6
SHA1

8ae47bd241b56e4ffa340b09e3fe590775f87efc
SHA256

0d5cc8c23f947379e847033dbe1cc4ecc5d5d5f54b56a73d9833d40154e9cd23
SHA512

96226c34ab487f995d12ec099e7c53402fd39be5675e50a8f26db875329e0666581a9574dac0aa030451d21e83cd20a2e928fee3b3cad3daa3343009b018ba1b

Score

10^/10

zloader nut 24/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

24/03

C2

https://electrabeautytools.com/post.php

https://elexitodelonatural.com/post.php

https://elmaaref.com/post.php

https://enrichuae.com/post.php

https://www.epsilon-me.com/post.php

https://codilmeosoterti.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  434c89ee9f413c1455992b6a9b0c67b6.dll
- Size
  
  688KB
- MD5
  
  434c89ee9f413c1455992b6a9b0c67b6
- SHA1
  
  8ae47bd241b56e4ffa340b09e3fe590775f87efc
- SHA256
  
  0d5cc8c23f947379e847033dbe1cc4ecc5d5d5f54b56a73d9833d40154e9cd23
- SHA512
  
  96226c34ab487f995d12ec099e7c53402fd39be5675e50a8f26db875329e0666581a9574dac0aa030451d21e83cd20a2e928fee3b3cad3daa3343009b018ba1b
Score

10^/10

zloader nut 24/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut24/03botnettrojan

behavioral2