zloader | a5ec2f495c117f199e1cecc1e2c9e5ad7f4f8241eb0784bb82da89c5ac88778b | Triage

Sharing

General

Target

a5ec2f495c117f199e1cecc1e2c9e5ad7f4f8241eb0784bb82da89c5ac88778b
Size

395KB
Sample

220524-3qdxmafgel
MD5

f00a09d9a91de170a986d743da8a912b
SHA1

797e0c4bc66a9ce9598bd99b8c30340d42de71b7
SHA256

a5ec2f495c117f199e1cecc1e2c9e5ad7f4f8241eb0784bb82da89c5ac88778b
SHA512

ac36017e3d6b61332a983e5de1f20ef137c6127f90c6102c0a033a80fb7c4838e1eeb841615afe6226c4e4dee8aee38659d4df94d41a8fe14238d092f12e91ae

Score

10^/10

zloader july20ssl july20ssl botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

July20SSL

Campaign

July20SSL

C2

https://vlcafxbdjtlvlcduwhga.com/web/post.php

https://softwareserviceupdater3.com/web/post.php

https://softwareserviceupdater4.com/web/post.php

Attributes

build_id
18

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  a5ec2f495c117f199e1cecc1e2c9e5ad7f4f8241eb0784bb82da89c5ac88778b
- Size
  
  395KB
- MD5
  
  f00a09d9a91de170a986d743da8a912b
- SHA1
  
  797e0c4bc66a9ce9598bd99b8c30340d42de71b7
- SHA256
  
  a5ec2f495c117f199e1cecc1e2c9e5ad7f4f8241eb0784bb82da89c5ac88778b
- SHA512
  
  ac36017e3d6b61332a983e5de1f20ef137c6127f90c6102c0a033a80fb7c4838e1eeb841615afe6226c4e4dee8aee38659d4df94d41a8fe14238d092f12e91ae
Score

10^/10

zloader july20ssl july20ssl botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderjuly20ssljuly20sslbotnettrojan

behavioral2

zloaderjuly20ssljuly20sslbotnettrojan