zloader | ca4a842f5c327aa4372549fc4bf1e6f86956cfddcf423fbaadeba69fd6738c05 | Triage

Sharing

General

Target

311c78f93acf71a31e5c05bb20f0eef5.dll
Size

666KB
Sample

210415-asqecbxqae
MD5

311c78f93acf71a31e5c05bb20f0eef5
SHA1

d9618042f78ad4fd5e7c9e20114badf4e0b1b7b7
SHA256

ca4a842f5c327aa4372549fc4bf1e6f86956cfddcf423fbaadeba69fd6738c05
SHA512

781b64a2da50a94c660e577aad6dd0995ca1895c6b09f32c177d30383e721586ef7f0ae2c1aec8658b89b9b9ae4f1903e39b6bc5f11d554697c64974cec2bcb9

Score

10^/10

zloader nut 13/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

13/04

C2

https://jiaayanu.com/post.php

https://investinszeklerland.eu/post.php

https://iqs-sac.com/post.php

https://jciems.in/post.php

https://jinnahofficersschool.com/post.php

https://kancagh.com/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  311c78f93acf71a31e5c05bb20f0eef5.dll
- Size
  
  666KB
- MD5
  
  311c78f93acf71a31e5c05bb20f0eef5
- SHA1
  
  d9618042f78ad4fd5e7c9e20114badf4e0b1b7b7
- SHA256
  
  ca4a842f5c327aa4372549fc4bf1e6f86956cfddcf423fbaadeba69fd6738c05
- SHA512
  
  781b64a2da50a94c660e577aad6dd0995ca1895c6b09f32c177d30383e721586ef7f0ae2c1aec8658b89b9b9ae4f1903e39b6bc5f11d554697c64974cec2bcb9
Score

10^/10

zloader nut 13/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut13/04botnettrojan

behavioral2

zloadernut13/04botnettrojan