zloader | f7310ec9aae872399d2543df307f7935360bd20fca323eabf85ab0a349ee9d40 | Triage

Sharing

General

Target

f7310ec9aae872399d2543df307f7935360bd20fca323eabf85ab0a349ee9d40
Size

370KB
Sample

220309-c7mb8afcfj
MD5

c53f191e6a450b3200714f7159c120bc
SHA1

153d4b0f12e76402a286312a44aea04982ab4371
SHA256

f7310ec9aae872399d2543df307f7935360bd20fca323eabf85ab0a349ee9d40
SHA512

06d5e260aa293b59205285268ea74d2b0cf81c64208d5af87c05d6ecd51696ee29e06261dfc1ecaf68833e8f2b6fab0c1b75547572765aa2ea7b2a08e9a7a989

Score

10^/10

zloader nut 30/11 botnet suricata trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/11

C2

https://aogmphregion.org.za/construction.php

https://aayanent.com/backups.php

https://eagle-family.co.uk/panel.php

https://khanbuilders.uk/wp-punch.php

https://construbienesjg.com/wp-punch.php

https://despautyajobssooka.ml/wp-smarts.php

Attributes

build_id
257

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  f7310ec9aae872399d2543df307f7935360bd20fca323eabf85ab0a349ee9d40
- Size
  
  370KB
- MD5
  
  c53f191e6a450b3200714f7159c120bc
- SHA1
  
  153d4b0f12e76402a286312a44aea04982ab4371
- SHA256
  
  f7310ec9aae872399d2543df307f7935360bd20fca323eabf85ab0a349ee9d40
- SHA512
  
  06d5e260aa293b59205285268ea74d2b0cf81c64208d5af87c05d6ecd51696ee29e06261dfc1ecaf68833e8f2b6fab0c1b75547572765aa2ea7b2a08e9a7a989
Score

10^/10

zloader nut 30/11 botnet trojan suricata
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- suricata: ET MALWARE Zbot POST Request to C2
  suricata: ET MALWARE Zbot POST Request to C2
  suricata
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut30/11botnettrojan

behavioral2

zloadernut30/11botnetsuricatatrojan