zloader | 7e112625f22bd803b96a108a4e809a6d851be13e5e0c41a442ce2e4ce7a31ae8 | Triage

Resubmissions

10-09-2021 19:48

210910-yjb28saef6 10

Sharing

General

Target

3b3bf8030dbda7b4c12d965928bce68ed15341fa9d91ea4489ad3ca7aad6614d.zip
Size

83KB
Sample

210910-yjb28saef6
MD5

392d33f27593dba53f21358c7dba8b6d
SHA1

9395c9b6f65fd9bdafe03d1c47f53839544bf4f6
SHA256

7e112625f22bd803b96a108a4e809a6d851be13e5e0c41a442ce2e4ce7a31ae8
SHA512

d0b52fe8a444a162cf0a118aabec1d71a243bd960f541adf88190931dfdc44c002e3dde2de671d49571a15f644180684207ad5ea7e2c225061090572d21f5532

Score

10^/10

zloader nut 04/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

04/02

C2

https://vidhyashram.edu.in/post.php

https://carmeta-ampuh.com/post.php

https://bestarticleblog.com/post.php

https://alahsateam.com/post.php

https://pyggroup.com.pe/post.php

https://perlisisacsiograv.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  3b3bf8030dbda7b4c12d965928bce68ed15341fa9d91ea4489ad3ca7aad6614d
- Size
  
  133KB
- MD5
  
  6d72546fbb7cae443a46d6a744760f7e
- SHA1
  
  c4d715bd92f12d54c2a77e5c1ac1ef1a2d1957f5
- SHA256
  
  3b3bf8030dbda7b4c12d965928bce68ed15341fa9d91ea4489ad3ca7aad6614d
- SHA512
  
  616e77a5a3e575d04229ecf6b7419c5886e1b2a9e38ba117debb4c97a3bce0b0ad75d9e9da46b747cee62cfa5a016bfc55a1d80aad2db137f7c1f176c4169f69
Score

10^/10

zloader nut 04/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

nut04/02zloader

behavioral1

zloadernut04/02botnettrojan

behavioral2

zloadernut04/02botnettrojan