zloader | a104e1e3befda44a812d3c98177b05bdcb15ca48a60002b5d13256994741915b | Triage

Sharing

General

Target

a104e1e3befda44a812d3c98177b05bdcb15ca48a60002b5d13256994741915b
Size

520KB
Sample

220319-mreybagafp
MD5

2db23f40f56413146f1c2b1d445cbcf5
SHA1

d562a4950987411676f6ef2486d9fa3525fcc39a
SHA256

a104e1e3befda44a812d3c98177b05bdcb15ca48a60002b5d13256994741915b
SHA512

2d0ed0c47252a5588579aa79cfa5654f3c954ccf11362c7a490380c04d6365ab3f35d577d417cb5445811419afb7491a2982494047f2676692e5ae3c57756b76

Score

10^/10

zloader nut 11/12 botnet suricata trojan

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

11/12

C2

https://www.businessinsurancelaw.com/wp-punch.php

https://squire.ae/wp-punch.php

https://lamun.pk/wp-punch.php

https://www.rcclabbd.com/wp-punch.php

https://thecype.com/wp-punch.php

https://theterteboltallbrow.tk/wp-smarts.php

Attributes

build_id
286

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  a104e1e3befda44a812d3c98177b05bdcb15ca48a60002b5d13256994741915b
- Size
  
  520KB
- MD5
  
  2db23f40f56413146f1c2b1d445cbcf5
- SHA1
  
  d562a4950987411676f6ef2486d9fa3525fcc39a
- SHA256
  
  a104e1e3befda44a812d3c98177b05bdcb15ca48a60002b5d13256994741915b
- SHA512
  
  2d0ed0c47252a5588579aa79cfa5654f3c954ccf11362c7a490380c04d6365ab3f35d577d417cb5445811419afb7491a2982494047f2676692e5ae3c57756b76
Score

10^/10

zloader nut 11/12 botnet trojan suricata
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- suricata: ET MALWARE Zbot POST Request to C2
  suricata: ET MALWARE Zbot POST Request to C2
  suricata
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloadernut11/12botnettrojan

behavioral2

zloadernut11/12botnetsuricatatrojan