zloader | c1532b3d37ff2ec7d70d7f8037b8cdf843d3cdd24adf860f4251d045ddf9d47c | Triage

Resubmissions

15-11-2023 13:29

231115-qrppascc7z 10

25-07-2020 00:15

200725-jw6c5c3brx 10

Sharing

General

Target

july22.dll
Size

395KB
Sample

231115-qrppascc7z
MD5

94fa4ef5c63b688a2813e95138198cb4
SHA1

24695fee9af688864a789b0415c19918870fdff5
SHA256

c1532b3d37ff2ec7d70d7f8037b8cdf843d3cdd24adf860f4251d045ddf9d47c
SHA512

e3d83795765e9e1f6c87f33494894260956b86fc7d8455c7ac0eb23c3f4d9c227c6e0358745eba7a87e9ff367d9a19adc257c75c59278d0f968f94eb408bf85c
SSDEEP

6144:VhLHWQz0GP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQz0GYX1dIbHF5V09TlfDTthXc5M1j

Score

10^/10

zloader july20ssl july20ssl botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

July20SSL

Campaign

July20SSL

C2

https://vlcafxbdjtlvlcduwhga.com/web/post.php

https://softwareserviceupdater3.com/web/post.php

https://softwareserviceupdater4.com/web/post.php

Attributes

build_id
18

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  july22.dll
- Size
  
  395KB
- MD5
  
  94fa4ef5c63b688a2813e95138198cb4
- SHA1
  
  24695fee9af688864a789b0415c19918870fdff5
- SHA256
  
  c1532b3d37ff2ec7d70d7f8037b8cdf843d3cdd24adf860f4251d045ddf9d47c
- SHA512
  
  e3d83795765e9e1f6c87f33494894260956b86fc7d8455c7ac0eb23c3f4d9c227c6e0358745eba7a87e9ff367d9a19adc257c75c59278d0f968f94eb408bf85c
- SSDEEP
  
  6144:VhLHWQz0GP/YR2rCnft7BdI7vHFtpuqVtT/C9KxwlfCokKYmT8SNhXDZi5121jYN:/WQz0GYX1dIbHF5V09TlfDTthXc5M1j
Score

10^/10

zloader july20ssl july20ssl botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderjuly20ssljuly20sslbotnettrojan

behavioral2

zloaderjuly20ssljuly20sslbotnettrojan