zloader | 57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52 | Triage

Sharing

General

Target

57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52
Size

447KB
Sample

220418-l9vaaaedg3
MD5

83059ecb2b70c5c283938fdb798de541
SHA1

b8b151d34563d8510cbc4607b235edf57c36efaf
SHA256

57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52
SHA512

ed8024d89af1bd4d6da38af44d8466365c666cf1a5c0a5baa02db1c5493888e60618fe0bb3e72c0368b7272e97e1d7447c12aeb9e253437a50bc6977267a834b

Score

10^/10

zloader r1 r1 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
125

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52
- Size
  
  447KB
- MD5
  
  83059ecb2b70c5c283938fdb798de541
- SHA1
  
  b8b151d34563d8510cbc4607b235edf57c36efaf
- SHA256
  
  57dafb880df226e923da9f493c07980dc47b611f5bb6ebb337062de99b9e3a52
- SHA512
  
  ed8024d89af1bd4d6da38af44d8466365c666cf1a5c0a5baa02db1c5493888e60618fe0bb3e72c0368b7272e97e1d7447c12aeb9e253437a50bc6977267a834b
Score

10^/10

zloader r1 r1 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderr1r1botnettrojan

behavioral2

zloaderr1r1botnettrojan