zloader | 3787d90c7fa9f7b2803b904476eff287d4f59d1fe550f248250e84ca8885065f | Triage

Sharing

General

Target

cYg4dkuO.dll
Size

688KB
Sample

210324-clw1bf67ln
MD5

1da1b1f1037bacd1fe8e017a5d52e727
SHA1

b9b6463219a19632299c5e0fb76715753b6ddd0e
SHA256

3787d90c7fa9f7b2803b904476eff287d4f59d1fe550f248250e84ca8885065f
SHA512

9ff5622658a9d5c1f679a4783d2f4a4b340838fc24fbcc5e1856d74ce7e9d5b90280b5cd1b96e7be40c87406d7e0c0d2c2e6a51b786b6c29d069b23f0287a5f4

Score

10^/10

zloader nut 24/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

24/03

C2

https://electrabeautytools.com/post.php

https://elexitodelonatural.com/post.php

https://elmaaref.com/post.php

https://enrichuae.com/post.php

https://www.epsilon-me.com/post.php

https://codilmeosoterti.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  cYg4dkuO.dll
- Size
  
  688KB
- MD5
  
  1da1b1f1037bacd1fe8e017a5d52e727
- SHA1
  
  b9b6463219a19632299c5e0fb76715753b6ddd0e
- SHA256
  
  3787d90c7fa9f7b2803b904476eff287d4f59d1fe550f248250e84ca8885065f
- SHA512
  
  9ff5622658a9d5c1f679a4783d2f4a4b340838fc24fbcc5e1856d74ce7e9d5b90280b5cd1b96e7be40c87406d7e0c0d2c2e6a51b786b6c29d069b23f0287a5f4
Score

10^/10

zloader nut 24/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut24/03botnettrojan

behavioral2