zloader | e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580 | Triage

Resubmissions

26-12-2022 13:28

221226-qqwq8ada46 10

25-11-2022 10:07

221125-l5na6sdb4t 10

Sharing

General

Target

e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580
Size

274KB
Sample

221226-qqwq8ada46
MD5

d046de3d748585f4740f11f44c5e7c31
SHA1

2b04641bd67e7d4bc6170bbd05b33a33dea521da
SHA256

e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580
SHA512

8f5bbdd39a6932b7b30be8736e1d5f7df4d20b894a3396f18daa93b018f7fa0651d3d915d37a13f84359439e23060cd1f9ac12b7c5aeff8f2353b8e0422df6e1
SSDEEP

6144:sq0e5NP+8ZqKMLLnMxOl6sl4IgKW1rYxk4xJS4H1m3tz3qLWYemA:s2Cnj6sYS36aC

Score

10^/10

zloader kev 02/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

02/02

C2

https://inservitudetothedivine.com/post.php

https://pebbleauto.com/post.php

https://ineenbeaudi.tk/post.php

Attributes

build_id
325

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580
- Size
  
  274KB
- MD5
  
  d046de3d748585f4740f11f44c5e7c31
- SHA1
  
  2b04641bd67e7d4bc6170bbd05b33a33dea521da
- SHA256
  
  e6ff434fbb288fb16f228292d41ed7cad38d06eb091ef6b4ab5da61ac96de580
- SHA512
  
  8f5bbdd39a6932b7b30be8736e1d5f7df4d20b894a3396f18daa93b018f7fa0651d3d915d37a13f84359439e23060cd1f9ac12b7c5aeff8f2353b8e0422df6e1
- SSDEEP
  
  6144:sq0e5NP+8ZqKMLLnMxOl6sl4IgKW1rYxk4xJS4H1m3tz3qLWYemA:s2Cnj6sYS36aC
Score

10^/10

zloader kev 02/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev02/02botnettrojan

behavioral2

zloaderkev02/02botnettrojan

behavioral3

zloaderkev02/02botnettrojan