zloader | 287352aca562a84f441ad7794832770ddfe283a8f05bab7a37f2ba66f3dc7edf | Triage

Sharing

General

Target

287352aca562a84f441ad7794832770ddfe283a8f05bab7a37f2ba66f3dc7edf
Size

619KB
Sample

210331-htdmz3wk72
MD5

a467c5e63940b8bc9b56f382aa20ea94
SHA1

eac1e8911a5fced479130bd8c7382aa6cb3278c9
SHA256

287352aca562a84f441ad7794832770ddfe283a8f05bab7a37f2ba66f3dc7edf
SHA512

2bf61eb3264e2171cb4dad95018ac5dca826950821f5b8c8a1399bac6fe55dab258fd54f12f3d3c83039ce37b43f292fefc02082010f102a26e86bccc04a1ce9

Score

10^/10

zloader nut 30/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/03

C2

https://holacast.com/post.php

https://homeloansadvisor.in/post.php

https://hoteldonalala.com.mx/post.php

https://hotimobiliaria.com.br/post.php

https://hrdgschool.com/post.php

https://huloolcreations.com/post.php

https://hyundainhatrang.vn/post.php

https://iaikotasemarang.id/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  287352aca562a84f441ad7794832770ddfe283a8f05bab7a37f2ba66f3dc7edf
- Size
  
  619KB
- MD5
  
  a467c5e63940b8bc9b56f382aa20ea94
- SHA1
  
  eac1e8911a5fced479130bd8c7382aa6cb3278c9
- SHA256
  
  287352aca562a84f441ad7794832770ddfe283a8f05bab7a37f2ba66f3dc7edf
- SHA512
  
  2bf61eb3264e2171cb4dad95018ac5dca826950821f5b8c8a1399bac6fe55dab258fd54f12f3d3c83039ce37b43f292fefc02082010f102a26e86bccc04a1ce9
Score

10^/10

zloader nut 30/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut30/03botnettrojan

behavioral2