zloader | d0bef870592d1095d72178c27b2ce81dc94163aa30fa0742d6d428a1485ae459 | Triage

Resubmissions

04-08-2023 09:59

230804-lz5y2aad94 10

03-08-2023 16:52

230803-vdwb5sfh5t 10

06-11-2020 00:36

201106-mvjrspwr32 10

Sharing

General

Target

n4.exe
Size

285KB
Sample

230803-vdwb5sfh5t
MD5

bcdae9f51c056a8bdfda1ab7dd9291f9
SHA1

e25e061296177376ffb63a8679dab6294609d436
SHA256

d0bef870592d1095d72178c27b2ce81dc94163aa30fa0742d6d428a1485ae459
SHA512

06e2843889fdc5106af1e92047f14b49c01b1d6601225083f370fee355d58d7ea1d180ade81fde03d10b752fba0a4096193edfae5360473af5dcd930b67109b9
SSDEEP

3072:fjnDk9LzxWoER2GsQjMBiaf/UABDjX8guvrJ6tAQBRhxBhWdGrOJhjNS6O:fbwVxWo8sQIBiYTDjru16NOJhC

Score

10^/10

zloader r2 r2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

r2

Campaign

r2

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
136

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  n4.exe
- Size
  
  285KB
- MD5
  
  bcdae9f51c056a8bdfda1ab7dd9291f9
- SHA1
  
  e25e061296177376ffb63a8679dab6294609d436
- SHA256
  
  d0bef870592d1095d72178c27b2ce81dc94163aa30fa0742d6d428a1485ae459
- SHA512
  
  06e2843889fdc5106af1e92047f14b49c01b1d6601225083f370fee355d58d7ea1d180ade81fde03d10b752fba0a4096193edfae5360473af5dcd930b67109b9
- SSDEEP
  
  3072:fjnDk9LzxWoER2GsQjMBiaf/UABDjX8guvrJ6tAQBRhxBhWdGrOJhjNS6O:fbwVxWo8sQIBiYTDjru16NOJhC
Score

10^/10

zloader r2 r2 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderr2r2botnettrojan

behavioral2

zloaderr2r2botnettrojan