zloader | 4180d224eaf6820284b3527f214191b8103d0d4853b45aae37c81b7a0c4e45b3 | Triage

Sharing

General

Target

4180d224eaf6820284b3527f214191b8103d0d4853b45aae37c81b7a0c4e45b3
Size

438KB
Sample

220215-mb7cmadgb8
MD5

6e6ad2e536f308176dfa419a7a53b14b
SHA1

531211dd82b3533d05a654e50683707ad90ba0e0
SHA256

4180d224eaf6820284b3527f214191b8103d0d4853b45aae37c81b7a0c4e45b3
SHA512

942e58994b01c00993df416fca726e185f1ee0cc96d0f3f6f4de690c13e3ee17ad82e2da5c64d7f0d6c759360e2a2504c2e7c4e177d575b9864ef6cc31724cbe

Score

10^/10

zloader kev 02/12 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

02/12

C2

https://www.alhasanatbooks.com/reader.php

https://aflim.org.ng/wp-punch.php

https://sardarmohammad.com/reports.php

https://erikarabelo.com.br/server.php

https://thechapelofthehealingcross.org/java.php

https://grebcanualcwilfprofal.ml/wp-smarts.php

Attributes

build_id
261

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  4180d224eaf6820284b3527f214191b8103d0d4853b45aae37c81b7a0c4e45b3
- Size
  
  438KB
- MD5
  
  6e6ad2e536f308176dfa419a7a53b14b
- SHA1
  
  531211dd82b3533d05a654e50683707ad90ba0e0
- SHA256
  
  4180d224eaf6820284b3527f214191b8103d0d4853b45aae37c81b7a0c4e45b3
- SHA512
  
  942e58994b01c00993df416fca726e185f1ee0cc96d0f3f6f4de690c13e3ee17ad82e2da5c64d7f0d6c759360e2a2504c2e7c4e177d575b9864ef6cc31724cbe
Score

10^/10

zloader kev 02/12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev02/12botnettrojan

behavioral2

zloaderkev02/12botnettrojan