zloader | a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f | Triage

Resubmissions

24-01-2024 07:29

240124-jbnczachd9 10

23-01-2024 11:54

240123-n2wjgsafc6 10

26-06-2020 08:43

200626-953qfplyej 10

Sharing

General

Target

xiynk.dll
Size

356KB
Sample

240124-jbnczachd9
MD5

e83a8a849188b48e79a6f49dd0c7ae91
SHA1

55a1669550d823104e1452f0e6a0a94c3f7fae12
SHA256

a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
SHA512

b035faff865f72977879322f9d1c08c6f87c96a8805db76a0e5ae4b6118f2b075e58bb1cc6a9cee8ce1c51763301443bab40970ad1f072a1763d7d7727e477f4
SSDEEP

6144:IOA9EZXHHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZZAFPtkI751OnrRbOJ1P

Score

10^/10

zloader june25 june botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

june25

Campaign

june

C2

http://snnmnkxdhflwgthqismb.com/web/post.php

http://nlbmfsyplohyaicmxhum.com/web/post.php

http://softwareserviceupdater1.com/web/post.php

http://softwareserviceupdater2.com/web/post.php

Attributes

build_id
9

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  xiynk.dll
- Size
  
  356KB
- MD5
  
  e83a8a849188b48e79a6f49dd0c7ae91
- SHA1
  
  55a1669550d823104e1452f0e6a0a94c3f7fae12
- SHA256
  
  a97b7b2353dc9012b6cb914f6665d0e93f557859411d2e08b942316c09d7b07f
- SHA512
  
  b035faff865f72977879322f9d1c08c6f87c96a8805db76a0e5ae4b6118f2b075e58bb1cc6a9cee8ce1c51763301443bab40970ad1f072a1763d7d7727e477f4
- SSDEEP
  
  6144:IOA9EZXHHOsAFPtetI7AW7JOpoTIXbv6M19HBqxJPVZ5IebbnB:9A9EZZAFPtkI751OnrRbOJ1P
Score

10^/10

zloader june25 june botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderjune25junebotnettrojan

behavioral2

zloaderjune25junebotnettrojan