zloader | a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7 | Triage

Sharing

General

Target

a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7
Size

529KB
Sample

220201-lkxzwaccan
MD5

ef0854d5e9d04be20e6676738096a021
SHA1

efa00fb74bd6f635cfd4400df3c56fa35caae10f
SHA256

a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7
SHA512

fa16a0228ecbc26621a1cb0cc5177c39498083839d60e6aafbec184427a8fab87f031aa0187d4b9c42cef17ac6e9e7b4fb5c9103b75278cd6094b36d49afca20

Score

10^/10

zloader main 18.05.2020 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

main

Campaign

18.05.2020

C2

https://sigmark.org/sound.php

https://perditta.org/sound.php

https://dentatox.org/sound.php

https://flopperos.org/sound.php

https://teslatis.org/sound.php

https://teamper.org/sound.php

https://gilantec.org/sound.php

https://trebitmore.org/sound.php

Attributes

build_id
54

rc4.plain

Targets

- Target
  
  a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7
- Size
  
  529KB
- MD5
  
  ef0854d5e9d04be20e6676738096a021
- SHA1
  
  efa00fb74bd6f635cfd4400df3c56fa35caae10f
- SHA256
  
  a240d581a1bf7b126aa030b1c796e013febb2145da16dd4d4842e5c3502943d7
- SHA512
  
  fa16a0228ecbc26621a1cb0cc5177c39498083839d60e6aafbec184427a8fab87f031aa0187d4b9c42cef17ac6e9e7b4fb5c9103b75278cd6094b36d49afca20
Score

10^/10

zloader main 18.05.2020 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadermain18.05.2020botnettrojan

behavioral2