zloader | 95b19f6107e6ed6af9b335d7ceed88a77ec8cb3864b09d70b6ea2f6ca9c13e9a | Triage

Sharing

General

Target

ee92d3d603247217f74e60ca6178e8d1.dll
Size

688KB
Sample

210325-f9xyvkra12
MD5

ee92d3d603247217f74e60ca6178e8d1
SHA1

f40cf6c3a5ab0f61dd6e280ab03ed6f1e490c8df
SHA256

95b19f6107e6ed6af9b335d7ceed88a77ec8cb3864b09d70b6ea2f6ca9c13e9a
SHA512

9718ff1b0f2e4b9fd771f7c3e15f445d93e0c0ffdec053a7628fd25f947e3145e9bd9ae013a26315e4a4351250c3573cabff7aaa82da9b579296240af0e26795

Score

10^/10

zloader nut 24/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

24/03

C2

https://electrabeautytools.com/post.php

https://elexitodelonatural.com/post.php

https://elmaaref.com/post.php

https://enrichuae.com/post.php

https://www.epsilon-me.com/post.php

https://codilmeosoterti.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  ee92d3d603247217f74e60ca6178e8d1.dll
- Size
  
  688KB
- MD5
  
  ee92d3d603247217f74e60ca6178e8d1
- SHA1
  
  f40cf6c3a5ab0f61dd6e280ab03ed6f1e490c8df
- SHA256
  
  95b19f6107e6ed6af9b335d7ceed88a77ec8cb3864b09d70b6ea2f6ca9c13e9a
- SHA512
  
  9718ff1b0f2e4b9fd771f7c3e15f445d93e0c0ffdec053a7628fd25f947e3145e9bd9ae013a26315e4a4351250c3573cabff7aaa82da9b579296240af0e26795
Score

10^/10

zloader nut 24/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut24/03botnettrojan

behavioral2