zloader | 163467932e47c05c7dab51807a1190112df3d87330190280a120f2e0615747c6 | Triage

Sharing

General

Target

163467932e47c05c7dab51807a1190112df3d87330190280a120f2e0615747c6
Size

370KB
Sample

220309-c7pgksfcfk
MD5

5ae735cef861df30304b3cd7793d83d1
SHA1

3fc8233d747f968750da8206e377112fb776466c
SHA256

163467932e47c05c7dab51807a1190112df3d87330190280a120f2e0615747c6
SHA512

410e9763dc51aee7df15c49a25c88a1990cab7b53fd5ebe3491b61170d1878deb62c36afd0c31748c99747d78d5880bb702beaab1c9c9376256773468301db9e

Score

10^/10

zloader nut 30/11 botnet suricata trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/11

C2

https://aogmphregion.org.za/construction.php

https://aayanent.com/backups.php

https://eagle-family.co.uk/panel.php

https://khanbuilders.uk/wp-punch.php

https://construbienesjg.com/wp-punch.php

https://despautyajobssooka.ml/wp-smarts.php

Attributes

build_id
257

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  163467932e47c05c7dab51807a1190112df3d87330190280a120f2e0615747c6
- Size
  
  370KB
- MD5
  
  5ae735cef861df30304b3cd7793d83d1
- SHA1
  
  3fc8233d747f968750da8206e377112fb776466c
- SHA256
  
  163467932e47c05c7dab51807a1190112df3d87330190280a120f2e0615747c6
- SHA512
  
  410e9763dc51aee7df15c49a25c88a1990cab7b53fd5ebe3491b61170d1878deb62c36afd0c31748c99747d78d5880bb702beaab1c9c9376256773468301db9e
Score

10^/10

zloader nut 30/11 botnet trojan suricata
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- suricata: ET MALWARE Zbot POST Request to C2
  suricata: ET MALWARE Zbot POST Request to C2
  suricata
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut30/11botnettrojan

behavioral2

zloadernut30/11botnetsuricatatrojan