zloader | 630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426 | Triage

Sharing

General

Target

630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426
Size

238KB
Sample

220201-l984fadcf9
MD5

066f72a55a261f84c8c22bb1a18309e3
SHA1

144cf2e0dde280f287b0b4e634c31c12590e74c3
SHA256

630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426
SHA512

52a9f9e86f5a99117e4d83435553a4dfc49192bef701900dbb01b6eda3b73a286be13378d549b5a7b7c0e75bba1932e20019dfefcbdce4ab023a005698951197

Score

10^/10

zloader mainspam main300k botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

mainspam

Campaign

Main300k

C2

https://basisroot.online/put.php

Attributes

build_id
37

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426
- Size
  
  238KB
- MD5
  
  066f72a55a261f84c8c22bb1a18309e3
- SHA1
  
  144cf2e0dde280f287b0b4e634c31c12590e74c3
- SHA256
  
  630c098ef8211c05e0e68008bcbed6e4402e580e9538817b56084dc301954426
- SHA512
  
  52a9f9e86f5a99117e4d83435553a4dfc49192bef701900dbb01b6eda3b73a286be13378d549b5a7b7c0e75bba1932e20019dfefcbdce4ab023a005698951197
Score

10^/10

zloader mainspam main300k botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermainspammain300kbotnettrojan

behavioral2