zloader | 61be79c9e47ad894006907c544c0a2d606d8d69c95298ffc5861f20c4b87769e | Triage

Sharing

General

Target

xiNGRHX.txt.dll
Size

688KB
Sample

210324-razqfejz3j
MD5

bb4d1959e6a7850a556ebadf69d18508
SHA1

c4a940aa768e97da36393a899775ff7172f66274
SHA256

61be79c9e47ad894006907c544c0a2d606d8d69c95298ffc5861f20c4b87769e
SHA512

57c6e278ca830b5d20ab0d6a442cfca2265abffa5f46f40c4551e22a0acafef0b0a9fe06b08848bc58dfd5e7e5327ccc4c684edb60204cbcc5a839a9bbbe0a0d

Score

10^/10

zloader nut 24/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

24/03

C2

https://electrabeautytools.com/post.php

https://elexitodelonatural.com/post.php

https://elmaaref.com/post.php

https://enrichuae.com/post.php

https://www.epsilon-me.com/post.php

https://codilmeosoterti.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  xiNGRHX.txt.dll
- Size
  
  688KB
- MD5
  
  bb4d1959e6a7850a556ebadf69d18508
- SHA1
  
  c4a940aa768e97da36393a899775ff7172f66274
- SHA256
  
  61be79c9e47ad894006907c544c0a2d606d8d69c95298ffc5861f20c4b87769e
- SHA512
  
  57c6e278ca830b5d20ab0d6a442cfca2265abffa5f46f40c4551e22a0acafef0b0a9fe06b08848bc58dfd5e7e5327ccc4c684edb60204cbcc5a839a9bbbe0a0d
Score

10^/10

zloader nut 24/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut24/03botnettrojan

behavioral2