zloader | 0b8585bcbc29e0a8f25118bc695cade9fed7a4676f3ea471bf08c869d8c85b63

General

Target

0b8585bcbc29e0a8f25118bc695cade9fed7a4676f3ea471bf08c869d8c85b63
Size

539KB
Sample

220205-yctzgaehfr
MD5

329dc85d3b5bc75e478343bb9451fd33
SHA1

f0052900fcb905021c79abf0bd3ab4eba09fb5ce
SHA256

0b8585bcbc29e0a8f25118bc695cade9fed7a4676f3ea471bf08c869d8c85b63
SHA512

c45c0a9f50eb840ec3007e1b40ed9a0d89381c3ce1ca94ad0a169d1b45ae7ef3fe2a77a8ae51ac88b3721845c38b1901d8825623a58ef76020a94f70f51dfc7f

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

Apr14

Campaign

Spam

C2

http://wmwifbajxxbcxmucxmlc.com/post.php

http://ojnxjgfjlftfkkuxxiqd.com/post.php

http://pwkqhdgytsshkoibaake.com/post.php

http://snnmnkxdhflwgthqismb.com/post.php

http://iawfqecrwohcxnhwtofa.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

http://fvqlkgedqjiqgapudkgq.com/post.php

http://cmmxhurildiigqghlryq.com/post.php

http://nmqsmbiabjdnuushksas.com/post.php

http://fyratyubvflktyyjiqgq.com/post.php

Attributes

build_id
102

rc4.plain

Targets

- Target
  
  0b8585bcbc29e0a8f25118bc695cade9fed7a4676f3ea471bf08c869d8c85b63
- Size
  
  539KB
- MD5
  
  329dc85d3b5bc75e478343bb9451fd33
- SHA1
  
  f0052900fcb905021c79abf0bd3ab4eba09fb5ce
- SHA256
  
  0b8585bcbc29e0a8f25118bc695cade9fed7a4676f3ea471bf08c869d8c85b63
- SHA512
  
  c45c0a9f50eb840ec3007e1b40ed9a0d89381c3ce1ca94ad0a169d1b45ae7ef3fe2a77a8ae51ac88b3721845c38b1901d8825623a58ef76020a94f70f51dfc7f
Score

10^/10

zloader apr14 spam botnet trojan suricata
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
  suricata
- suricata: ET MALWARE Zbot POST Request to C2
  suricata: ET MALWARE Zbot POST Request to C2
  suricata
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz

suricata: ET MALWARE Zbot POST Request to C2

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2