45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

Target

Size

485KB

Sample

220520-3rmk6ahdd6

Score

10 ^/10

MD5

e4a088773d56d0f6e7d1582f100b5137

SHA1

5cf878a09b2de0b664467b928ad03453e5c1491e

SHA256

45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

SHA512

eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d

zloader r1 r1 botnet trojan

Extracted

Family	zloader
Botnet	r1
Campaign	r1
C2	http://bsraotpeiimmrnchcqvr.com/LKhwojehDgwegSDG/gateJKjdsh.php http://exqnbgauiphxqdeecitw.com/LKhwojehDgwegSDG/gateJKjdsh.php http://fpbkvirfkfvufpbkvgty.com/LKhwojehDgwegSDG/gateJKjdsh.php http://hikowojacckxccgglhvy.com/LKhwojehDgwegSDG/gateJKjdsh.php http://kdrowkrjhrdmbxkthljt.com/LKhwojehDgwegSDG/gateJKjdsh.php http://nvlmtlisfmcfgimicstx.com/LKhwojehDgwegSDG/gateJKjdsh.php http://syohvyctqfcgakxepsou.com/LKhwojehDgwegSDG/gateJKjdsh.php http://wdwrhikolxfwyyhwwfut.com/LKhwojehDgwegSDG/gateJKjdsh.php http://bsraotpeiimmrnchcqvr.com/LKhwojehDgwegSDG/gateJKjdsh.php http://exqnbgauiphxqdeecitw.com/LKhwojehDgwegSDG/gateJKjdsh.php http://fpbkvirfkfvufpbkvgty.com/LKhwojehDgwegSDG/gateJKjdsh.php http://hikowojacckxccgglhvy.com/LKhwojehDgwegSDG/gateJKjdsh.php http://kdrowkrjhrdmbxkthljt.com/LKhwojehDgwegSDG/gateJKjdsh.php http://nvlmtlisfmcfgimicstx.com/LKhwojehDgwegSDG/gateJKjdsh.php http://syohvyctqfcgakxepsou.com/LKhwojehDgwegSDG/gateJKjdsh.php http://wdwrhikolxfwyyhwwfut.com/LKhwojehDgwegSDG/gateJKjdsh.php
Attributes	build_id 17
rc4.plain
rsa_pubkey.plain

Target

45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

MD5

e4a088773d56d0f6e7d1582f100b5137

Filesize

485KB

Score

10^/10

SHA1

5cf878a09b2de0b664467b928ad03453e5c1491e

SHA256

45f3f5d22895889574eb220c91242129153c6d85374d08665348c3bbe3414543

SHA512

eea5d926f100f5ae136e2ea5c71530ff087349ed89aa069b1cc4490ca8bb0432e1013e953de6c56befd660acd673d388aeef3e9db0ced7cbd4dd71ed432f0f6d

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess
Zloader, Terdot, DELoader, ZeusSphinx
Description

Zloader is a malware strain that was initially discovered back in August 2015.
Tags

trojan botnet zloader
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

zloader r1 r1 botnet trojan

10^/10

behavioral2

zloader r1 r1 botnet trojan

10^/10

Extracted

Tags

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess

Zloader, Terdot, DELoader, ZeusSphinx

Description

Tags

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2