zloader | e3fba6f1efac5f32c35baf0337c0b951bae84fd5e8e71708405d59610b5de19e

General

Target

アーカイブ.zip
Size

407KB
Sample

230209-crm9ksff67
MD5

a485068b0daccf32769e755e5a9393f6
SHA1

3e2af52c587b32f8fc7765fed0e2aaf169aec7d9
SHA256

e3fba6f1efac5f32c35baf0337c0b951bae84fd5e8e71708405d59610b5de19e
SHA512

ec761ddc3fa070925ca7727a71808c9ee515f9924bcb3f61d6a3e2fad84f5714212a0fc43d2470a9607ab42a98a40b9f994220690a653dca1bf76a9fe4aae55c
SSDEEP

12288:tGZTuOENdG2UIh21dHxp03+HPU9Ar5qRrRDhSQ:cuzodRakPw4qdBj

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

hvnc

Campaign

hvnc

C2

https://iqowijsdakm.com/gate.php

https://wiewjdmkfjn.com/gate.php

https://dksaoidiakjd.com/gate.php

https://iweuiqjdakjd.com/gate.php

https://yuidskadjna.com/gate.php

https://olksmadnbdj.com/gate.php

https://odsakmdfnbs.com/gate.php

https://odsakjmdnhsaj.com/gate.php

https://odjdnhsaj.com/gate.php

https://odoishsaj.com/gate.php

Attributes

build_id
157

rc4.plain

rsa_pubkey.plain

Extracted

Family

zloader

Botnet

main

Campaign

2020-06-12

C2

https://matarlod.org/web/data

https://datearoc.org/web/data

https://rechnecy.org/web/data

https://ramissal.org/web/data

https://raidesci.org/web/data

https://glartrot.org/web/data

https://revenapo.org/web/data

https://brenonip.org/web/data

Attributes

build_id
6

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  c75f4e1fd464e21826c37e5abf7fed93b48c721625f700f49aa71cbce377ee8a-1.exe
- Size
  
  409KB
- MD5
  
  56079ea11cb3fce2a34fdf0a81deecc5
- SHA1
  
  38475dc6871d88b3c9070f4e55f8c44a07b7dca3
- SHA256
  
  c75f4e1fd464e21826c37e5abf7fed93b48c721625f700f49aa71cbce377ee8a
- SHA512
  
  62881541d2f549475cb3a2026c1f53b2704834a5b5b2af154135b328347de690a4e4b23f047db85745a4b106b7ba541a854f91e0a8ff21255cb5df47aeda4e50
- SSDEEP
  
  12288:jS5WNqciJOAzgUOksgh/Zuss/p5V0noFJwhNUy:jS5WNqM1UOqFZusIpYe
Score

10^/10

zloader hvnc hvnc botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
behavioral1 behavioral2
- Target
  
  entomology.srt
- Size
  
  225KB
- MD5
  
  96874e8ec64976899a1f7b90022f3e43
- SHA1
  
  ab33331de0ab0f9dddb2b8eb8e4e8c92b18a9c61
- SHA256
  
  badc87166cc28491dcae0164e7dc027aeb4b98eea5f765f776f58d8683cdec6a
- SHA512
  
  4e8bccc9fe9d507817f78950388a8726f95a5aafd9a9e192ef9e33871a67cb9d44ff56c4a0c03490c30e2d272ca08ba3819992bc21d810bc3885ac7f4cf5b63b
- SSDEEP
  
  3072:XPbq/XSqcbXdOg9gkx/yrNPwwApe6eIDK+C9iKy6K7kDlUzYak6ve432+fGxsN5w:jqKDXdOAgUKXvji7oDvaNm4mSGqe9d
Score

10^/10

zloader main 2020-06-12 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral3 behavioral4

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Zloader, Terdot, DELoader, ZeusSphinx

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4