zloader | c5adc361e52c9a978ab90c6e56379a7c6202381e34d82a2a73b007c2469263bf | Triage

Sharing

General

Target

gily.dll
Size

447KB
Sample

220303-sw2wjadddm
MD5

72d9d1613f2dd8d89d2372cc5f22e316
SHA1

07ee0fe5a1b4c51fca014d1b6aa9accdac6f0a00
SHA256

c5adc361e52c9a978ab90c6e56379a7c6202381e34d82a2a73b007c2469263bf
SHA512

7d0938c9463a31387182498a4223c3e1af27be6300b182883458d892c1e5a6c4f462191d6c01b327c573bf1e17890c725e655e4a7becc5088a94c70f88c42d81

Score

10^/10

zloader bat1k2 bat1k2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k2

Campaign

bat1k2

C2

http://ad123234234.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.info/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
28

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  gily.dll
- Size
  
  447KB
- MD5
  
  72d9d1613f2dd8d89d2372cc5f22e316
- SHA1
  
  07ee0fe5a1b4c51fca014d1b6aa9accdac6f0a00
- SHA256
  
  c5adc361e52c9a978ab90c6e56379a7c6202381e34d82a2a73b007c2469263bf
- SHA512
  
  7d0938c9463a31387182498a4223c3e1af27be6300b182883458d892c1e5a6c4f462191d6c01b327c573bf1e17890c725e655e4a7becc5088a94c70f88c42d81
Score

10^/10

zloader bat1k2 bat1k2 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderbat1k2bat1k2botnettrojan

behavioral2

zloaderbat1k2bat1k2botnettrojan