zloader | 903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010 | Triage

Sharing

General

Target

903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010
Size

448KB
Sample

220516-cpqlxsabb8
MD5

8a46f0c4be8a91b533142a112618a885
SHA1

32a765a9a32ec7065087b172607e0f9a8119fc20
SHA256

903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010
SHA512

54a9c56d0b18779fc6d7c54f5b01bdf8cb2d830f7b035de2817950b90c1f363f1ad0a6a46db66fc0470c0e7b5c221d35cbe69752afbfb56560caaa42f06e7e5e

Score

10^/10

zloader bat1k3 bat1k3 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k3

Campaign

bat1k3

C2

http://ad123234234.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.info/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://ad123234234.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
29

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010
- Size
  
  448KB
- MD5
  
  8a46f0c4be8a91b533142a112618a885
- SHA1
  
  32a765a9a32ec7065087b172607e0f9a8119fc20
- SHA256
  
  903c3b246b516395e8aaca0c647d496005d9d6609107f7f67a061b5390608010
- SHA512
  
  54a9c56d0b18779fc6d7c54f5b01bdf8cb2d830f7b035de2817950b90c1f363f1ad0a6a46db66fc0470c0e7b5c221d35cbe69752afbfb56560caaa42f06e7e5e
Score

10^/10

zloader bat1k3 bat1k3 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderbat1k3bat1k3botnettrojan

behavioral2

zloaderbat1k3bat1k3botnettrojan