zloader | 14c47cc16c55060409202302048d8b8f97c9b3fa462d7710ab91bb3f3f7a75e8 | Triage

Sharing

General

Target

14c47cc16c55060409202302048d8b8f97c9b3fa462d7710ab91bb3f3f7a75e8
Size

370KB
Sample

220309-c7rlyafcfl
MD5

243104faac6863b5b4a4263f4040f021
SHA1

597fbf324045926a5e3cc1617dc89f83ddd49792
SHA256

14c47cc16c55060409202302048d8b8f97c9b3fa462d7710ab91bb3f3f7a75e8
SHA512

3a0bf5a2731155559faf5167e00662fa69e18f81dfc671ac3132eec84ae0b4293429fda477f8bbb5d8576d64e6d36eac09e00a69c124ae99dc30f37e7868d985

Score

10^/10

zloader nut 30/11 botnet suricata trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

30/11

C2

https://aogmphregion.org.za/construction.php

https://aayanent.com/backups.php

https://eagle-family.co.uk/panel.php

https://khanbuilders.uk/wp-punch.php

https://construbienesjg.com/wp-punch.php

https://despautyajobssooka.ml/wp-smarts.php

Attributes

build_id
257

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  14c47cc16c55060409202302048d8b8f97c9b3fa462d7710ab91bb3f3f7a75e8
- Size
  
  370KB
- MD5
  
  243104faac6863b5b4a4263f4040f021
- SHA1
  
  597fbf324045926a5e3cc1617dc89f83ddd49792
- SHA256
  
  14c47cc16c55060409202302048d8b8f97c9b3fa462d7710ab91bb3f3f7a75e8
- SHA512
  
  3a0bf5a2731155559faf5167e00662fa69e18f81dfc671ac3132eec84ae0b4293429fda477f8bbb5d8576d64e6d36eac09e00a69c124ae99dc30f37e7868d985
Score

10^/10

zloader nut 30/11 botnet trojan suricata
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- suricata: ET MALWARE Zbot POST Request to C2
  suricata: ET MALWARE Zbot POST Request to C2
  suricata
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut30/11botnettrojan

behavioral2

zloadernut30/11botnetsuricatatrojan