zloader | de7da2ce5f2d7e5415bc3256cc5b7f97878ae9436497660b9add78829a8650cf | Triage

Resubmissions

15-11-2023 12:50

231115-p3c9zacb5x 10

22-07-2020 17:01

200722-kpynvy9y5s 10

Sharing

General

Target

cYNhXOc.dll
Size

395KB
Sample

231115-p3c9zacb5x
MD5

4aaf7ca556de0be48d9bb5bed405fa88
SHA1

b85f9bf19e02f7756ee4aeb32c41d4b117a75045
SHA256

de7da2ce5f2d7e5415bc3256cc5b7f97878ae9436497660b9add78829a8650cf
SHA512

31911b68c382f04ca332c55274a31a20822b444f51a4ff407901deb686b035e209cf209ab997c03a40341de0ec868e83e701ae0950d577c7aac6f5f654e74c22
SSDEEP

6144:VhLHWQzNGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQzNGYX1dIbHF5V09TlfDTthXc5M1j

Score

10^/10

zloader july20ssl july20ssl botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

July20SSL

Campaign

July20SSL

C2

https://vlcafxbdjtlvlcduwhga.com/web/post.php

https://softwareserviceupdater3.com/web/post.php

https://softwareserviceupdater4.com/web/post.php

Attributes

build_id
18

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  cYNhXOc.dll
- Size
  
  395KB
- MD5
  
  4aaf7ca556de0be48d9bb5bed405fa88
- SHA1
  
  b85f9bf19e02f7756ee4aeb32c41d4b117a75045
- SHA256
  
  de7da2ce5f2d7e5415bc3256cc5b7f97878ae9436497660b9add78829a8650cf
- SHA512
  
  31911b68c382f04ca332c55274a31a20822b444f51a4ff407901deb686b035e209cf209ab997c03a40341de0ec868e83e701ae0950d577c7aac6f5f654e74c22
- SSDEEP
  
  6144:VhLHWQzNGP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQzNGYX1dIbHF5V09TlfDTthXc5M1j
Score

10^/10

zloader july20ssl july20ssl botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderjuly20ssljuly20sslbotnettrojan

behavioral2

zloaderjuly20ssljuly20sslbotnettrojan