zloader | b4c029f9bb6d85ace85302d25caa7ec1da9d641872ea8f62b333a667c0d7b864 | Triage

Sharing

General

Target

d057014fe0e29b2604bd852595441a22.dll
Size

666KB
Sample

210415-p16phf7ckn
MD5

d057014fe0e29b2604bd852595441a22
SHA1

57563b2ba10105f0183bcff42800a1b061b560a6
SHA256

b4c029f9bb6d85ace85302d25caa7ec1da9d641872ea8f62b333a667c0d7b864
SHA512

09aeb08c2450b9f79967f071e7bc85b5d9ae86f3e005fb107e91695654620c52450ceabd74aad31a9d49d53fe588c194d3425348bf1527d34dd8a1ce94febcbc

Score

10^/10

zloader nut 13/04 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

13/04

C2

https://jiaayanu.com/post.php

https://investinszeklerland.eu/post.php

https://iqs-sac.com/post.php

https://jciems.in/post.php

https://jinnahofficersschool.com/post.php

https://kancagh.com/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  d057014fe0e29b2604bd852595441a22.dll
- Size
  
  666KB
- MD5
  
  d057014fe0e29b2604bd852595441a22
- SHA1
  
  57563b2ba10105f0183bcff42800a1b061b560a6
- SHA256
  
  b4c029f9bb6d85ace85302d25caa7ec1da9d641872ea8f62b333a667c0d7b864
- SHA512
  
  09aeb08c2450b9f79967f071e7bc85b5d9ae86f3e005fb107e91695654620c52450ceabd74aad31a9d49d53fe588c194d3425348bf1527d34dd8a1ce94febcbc
Score

10^/10

zloader nut 13/04 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut13/04botnettrojan

behavioral2

zloadernut13/04botnettrojan