zloader | acc23d61641e44bd6ee2a4e2080aa8841856efdbc11b4be75ffdf721f757cf07 | Triage

Sharing

General

Target

acc23d61641e44bd6ee2a4e2080aa8841856efdbc11b4be75ffdf721f757cf07
Size

520KB
Sample

220319-mrcg7agaa5
MD5

0ffead3ef4030a202a8e55ce6efd1aba
SHA1

8642810c98e1f84a9ee3dc69d3b1ff2672bb8f25
SHA256

acc23d61641e44bd6ee2a4e2080aa8841856efdbc11b4be75ffdf721f757cf07
SHA512

1dc3a5773ceb4f53dee9105e6074c5d3c0fab6ca21c917949b6a2d6845f002650d4537d1275d07191cde79b8920df9c95e92fd4f915c5a109075e982a4132019

Score

10^/10

zloader nut 11/12 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

11/12

C2

https://www.businessinsurancelaw.com/wp-punch.php

https://squire.ae/wp-punch.php

https://lamun.pk/wp-punch.php

https://www.rcclabbd.com/wp-punch.php

https://thecype.com/wp-punch.php

https://theterteboltallbrow.tk/wp-smarts.php

Attributes

build_id
286

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  acc23d61641e44bd6ee2a4e2080aa8841856efdbc11b4be75ffdf721f757cf07
- Size
  
  520KB
- MD5
  
  0ffead3ef4030a202a8e55ce6efd1aba
- SHA1
  
  8642810c98e1f84a9ee3dc69d3b1ff2672bb8f25
- SHA256
  
  acc23d61641e44bd6ee2a4e2080aa8841856efdbc11b4be75ffdf721f757cf07
- SHA512
  
  1dc3a5773ceb4f53dee9105e6074c5d3c0fab6ca21c917949b6a2d6845f002650d4537d1275d07191cde79b8920df9c95e92fd4f915c5a109075e982a4132019
Score

10^/10

zloader nut 11/12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut11/12botnettrojan

behavioral2

zloadernut11/12botnettrojan