zloader | 55f8996aaeb9b14ea0f1c2b653aa5db107d5182a23c42c6e333d72893981ae13 | Triage

Sharing

General

Target

55f8996aaeb9b14ea0f1c2b653aa5db107d5182a23c42c6e333d72893981ae13
Size

146KB
Sample

211116-xqldtafaf5
MD5

bd20ce1712abe7b0056510ec53428085
SHA1

8efb75b38aef96452eea0a7f397c426936c9c535
SHA256

55f8996aaeb9b14ea0f1c2b653aa5db107d5182a23c42c6e333d72893981ae13
SHA512

1721f7377b73204840a99b6253231f6ebaaf72d7340b3b0446bd980d88e1f1e9728ec609f0f42a47c2585b6a12d410af5ca5212bc03c2d52d576996d93f01fbf

Score

10^/10

zloader 123 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

123

C2

http://gipc.in/post.php

http://fbhindia.com/post.php

http://ecolenefiber.com/post.php

http://design.ecolenefiber.com/post.php

http://beta.marlics.ir/post.php

http://hari.pk/post.php

http://iaiskjmalang.ac.id/post.php

http://314xd.com/post.php

http://ejournal.iaiskjmalang.ac.id/post.php

http://duanvn.com/post.php

Attributes

build_id
3355185

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  55f8996aaeb9b14ea0f1c2b653aa5db107d5182a23c42c6e333d72893981ae13
- Size
  
  146KB
- MD5
  
  bd20ce1712abe7b0056510ec53428085
- SHA1
  
  8efb75b38aef96452eea0a7f397c426936c9c535
- SHA256
  
  55f8996aaeb9b14ea0f1c2b653aa5db107d5182a23c42c6e333d72893981ae13
- SHA512
  
  1721f7377b73204840a99b6253231f6ebaaf72d7340b3b0446bd980d88e1f1e9728ec609f0f42a47c2585b6a12d410af5ca5212bc03c2d52d576996d93f01fbf
Score

10^/10

zloader 123 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloader123botnettrojan