zloader | a212778b12315f3eb63ed3cdfae0c21b30caff84e63218c790b81c12993e0834 | Triage

Sharing

General

Target

b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f.zip
Size

205KB
Sample

210402-9rc961hfsx
MD5

3b39df6dfdf030852aac66bd1bb3a508
SHA1

7ad9f5b614459ed9d6c0d96f558c86d020d09d30
SHA256

a212778b12315f3eb63ed3cdfae0c21b30caff84e63218c790b81c12993e0834
SHA512

8dd46dc6421de4a57d952ae838a5a5e1112e537b89187b30477c5683ce92ee0c9a9d926e3ed620bd8d305b2789d54470689a08aaa0f3f54d8d263350f378bd1d

Score

10^/10

zloader nut 22/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

22/03

C2

https://svilapp.svgipsar.org/post.php

https://nadar-gis.com/post.php

https://crearqarquitectos.com/post.php

https://crown-sign.com/post.php

https://dainikjahan.com/post.php

https://denatureedutech.com/post.php

https://alekllemtilaro.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f.dll
- Size
  
  298KB
- MD5
  
  a80859c1cd44daad1450948a1276bc0d
- SHA1
  
  46396892b9cafb2e59b8f667ec7822d0435384bb
- SHA256
  
  b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
- SHA512
  
  ce68470318b8472b30aeee8778802ca4c9175f075a9c19c8332a08a6a8518a2f157a9e2ccaedba1d42f83f591d3c5f233ee1b8b8fbb90589aae82c9dea68352c
Score

10^/10

zloader nut 22/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut22/03botnettrojan

behavioral2

zloadernut22/03botnettrojan