zloader | fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e | Triage

Resubmissions

31-10-2023 10:08

231031-l564aafc8y 10

01-08-2020 19:35

200801-yxa2qg44dx 10

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502
Size

395KB
Sample

231031-l564aafc8y
MD5

5120008536c0de7bf6030f10377ec8c0
SHA1

778a0fd8c2b307ad1aba4a66fadef2ff3306d5d0
SHA256

fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e
SHA512

83f151f19a5cada9420040522d21b52943793530e5e43d1e0e47f8b4cc726d4b741663d4c8b8ef03649c1b281cd9c702419cb580abc555317363e7b8d02edb15
SSDEEP

6144:VhLHWQznGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQznGYX1dIbHF5V09TlfDTthXc5M1j

Score

10^/10

zloader july20ssl july20ssl botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

July20SSL

Campaign

July20SSL

C2

https://vlcafxbdjtlvlcduwhga.com/web/post.php

https://softwareserviceupdater3.com/web/post.php

https://softwareserviceupdater4.com/web/post.php

Attributes

build_id
18

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKD.34222957.15631.17502
- Size
  
  395KB
- MD5
  
  5120008536c0de7bf6030f10377ec8c0
- SHA1
  
  778a0fd8c2b307ad1aba4a66fadef2ff3306d5d0
- SHA256
  
  fa09c9ab2f3fc8d3c6541cb835769792d6bc041ba5aa1d04a22be1608791ad9e
- SHA512
  
  83f151f19a5cada9420040522d21b52943793530e5e43d1e0e47f8b4cc726d4b741663d4c8b8ef03649c1b281cd9c702419cb580abc555317363e7b8d02edb15
- SSDEEP
  
  6144:VhLHWQznGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQznGYX1dIbHF5V09TlfDTthXc5M1j
Score

10^/10

zloader july20ssl july20ssl botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderjuly20ssljuly20sslbotnettrojan

behavioral2

zloaderjuly20ssljuly20sslbotnettrojan