zloader | b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f | Triage

Resubmissions

05-11-2021 10:01

211105-l2l9psgebn 10

12-10-2021 18:42

211012-xcg48sdbb9 10

12-10-2021 18:06

211012-wpvenachc6 10

12-10-2021 17:54

211012-wg5knachb5 10

07-10-2021 08:47

211007-kpvvmscchl 10

Sharing

General

Target

b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
Size

298KB
Sample

211012-wg5knachb5
MD5

a80859c1cd44daad1450948a1276bc0d
SHA1

46396892b9cafb2e59b8f667ec7822d0435384bb
SHA256

b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
SHA512

ce68470318b8472b30aeee8778802ca4c9175f075a9c19c8332a08a6a8518a2f157a9e2ccaedba1d42f83f591d3c5f233ee1b8b8fbb90589aae82c9dea68352c

Score

10^/10

zloader nut 22/03 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

22/03

C2

https://svilapp.svgipsar.org/post.php

https://nadar-gis.com/post.php

https://crearqarquitectos.com/post.php

https://crown-sign.com/post.php

https://dainikjahan.com/post.php

https://denatureedutech.com/post.php

https://alekllemtilaro.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
- Size
  
  298KB
- MD5
  
  a80859c1cd44daad1450948a1276bc0d
- SHA1
  
  46396892b9cafb2e59b8f667ec7822d0435384bb
- SHA256
  
  b270e245132cf6624fc96642532a00c0a16681f59542220ad2c389d45865141f
- SHA512
  
  ce68470318b8472b30aeee8778802ca4c9175f075a9c19c8332a08a6a8518a2f157a9e2ccaedba1d42f83f591d3c5f233ee1b8b8fbb90589aae82c9dea68352c
Score

10^/10

zloader nut 22/03 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut22/03botnettrojan

behavioral2

zloadernut22/03botnettrojan