zloader | f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755 | Triage

Sharing

General

Target

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
Size

242KB
Sample

220201-kprszsccc8
MD5

e7371f007db56cf6c0ec2880db0984f7
SHA1

26d3cd9a7c0fe17d6b24053acf427493fdba1fb1
SHA256

f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
SHA512

231a70f0f88d729e1990fa78e6627478ae5f04c2bd8ac4180b02b9c7e35f7063db074e3b29917aefeb62b1a57d0d718c97a77c4a8d1489b0f3806848fb5e26da

Score

10^/10

zloader id1 maintry botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

id1

Campaign

MainTry

C2

https://axisbasis.xyz/data.php

Attributes

build_id
31

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
- Size
  
  242KB
- MD5
  
  e7371f007db56cf6c0ec2880db0984f7
- SHA1
  
  26d3cd9a7c0fe17d6b24053acf427493fdba1fb1
- SHA256
  
  f6ebd6f0fe20fe561d1cf5d6aea5201712a0eabf4624c863a5ab6d44b1f57755
- SHA512
  
  231a70f0f88d729e1990fa78e6627478ae5f04c2bd8ac4180b02b9c7e35f7063db074e3b29917aefeb62b1a57d0d718c97a77c4a8d1489b0f3806848fb5e26da
Score

10^/10

zloader id1 maintry botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderid1maintrybotnettrojan

behavioral2