zloader | f97954d9c80dbfee223fb704863c5a156912f450eee2d0510af6301dfd919f09 | Triage

Sharing

General

Target

favicon.dll
Size

646KB
Sample

210707-kx81pfpv72
MD5

1d700b208c65ca26efe5fa4be4749569
SHA1

3deeff224b359ca2b28a841a116b84b783206adc
SHA256

f97954d9c80dbfee223fb704863c5a156912f450eee2d0510af6301dfd919f09
SHA512

8c5bcbdf35f4e3ad1177d98b0944b1ec9f407a7bd537af5ecd8e5aad37a67c4c46748bfbe165b4edb6348324e4b97d26a6e1af0007f458c3f697a6757cb05d92

Score

10^/10

zloader mk1 mac2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

mk1

Campaign

mac2

C2

https://dssdffsdf.drld/mm.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  favicon.dll
- Size
  
  646KB
- MD5
  
  1d700b208c65ca26efe5fa4be4749569
- SHA1
  
  3deeff224b359ca2b28a841a116b84b783206adc
- SHA256
  
  f97954d9c80dbfee223fb704863c5a156912f450eee2d0510af6301dfd919f09
- SHA512
  
  8c5bcbdf35f4e3ad1177d98b0944b1ec9f407a7bd537af5ecd8e5aad37a67c4c46748bfbe165b4edb6348324e4b97d26a6e1af0007f458c3f697a6757cb05d92
Score

10^/10

zloader mk1 mac2 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermk1mac2botnettrojan

behavioral2

zloadermk1mac2botnettrojan