zloader | 08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31 | Triage

Sharing

General

Target

08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31
Size

438KB
Sample

220309-qv4bvsgha7
MD5

1d09fc6d3308be3bfcc43fe2a8205263
SHA1

07e2d91dc8c1f550baf7e613a5a77f6d575b27d1
SHA256

08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31
SHA512

e83080ff09630198f32e8b86a9ac391b9637d8e16b535d05c80037497c522f7fffe2c005ecfb713b85c4a6f529533d33424ed75312e05bd1b458975d53df8deb

Score

10^/10

zloader kev 02/12 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

02/12

C2

https://www.alhasanatbooks.com/reader.php

https://aflim.org.ng/wp-punch.php

https://sardarmohammad.com/reports.php

https://erikarabelo.com.br/server.php

https://thechapelofthehealingcross.org/java.php

https://grebcanualcwilfprofal.ml/wp-smarts.php

Attributes

build_id
261

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31
- Size
  
  438KB
- MD5
  
  1d09fc6d3308be3bfcc43fe2a8205263
- SHA1
  
  07e2d91dc8c1f550baf7e613a5a77f6d575b27d1
- SHA256
  
  08cb15d9f0002f9c8cddc10e7e6a63fc9e621adc53686c0ed6cf296f60a83f31
- SHA512
  
  e83080ff09630198f32e8b86a9ac391b9637d8e16b535d05c80037497c522f7fffe2c005ecfb713b85c4a6f529533d33424ed75312e05bd1b458975d53df8deb
Score

10^/10

zloader kev 02/12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev02/12botnettrojan

behavioral2

zloaderkev02/12botnettrojan