zloader | 3aa6735651a8c21a6beff73d8c0a8ed8e7f5e62165a9f44e85cdedd063464252 | Triage

Sharing

General

Target

1688213bc5f70643deab5bdb02c0ae6c_JaffaCakes118
Size

570KB
Sample

240505-hw1y5adg64
MD5

1688213bc5f70643deab5bdb02c0ae6c
SHA1

b126be6cbc4543a57474a97bf8d4c439de56b4c2
SHA256

3aa6735651a8c21a6beff73d8c0a8ed8e7f5e62165a9f44e85cdedd063464252
SHA512

46798f5350024a6b8ca8303bc6c1cdd97ae13056ea722dd41bf72aaed9bdd627c024669ee4ba5bdc91efb0840965c86b929835f1acb64094705137c1a1cb9c6f
SSDEEP

6144:pXhlbaTbLY6VhaQOJz3utQd24SQ5J5HvoNQ/JyRpYrC:pXh5a7BV83utQd24JvorRpY

Score

10^/10

zloader bat1k2 bat1k2 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k2

Campaign

bat1k2

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
36

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  1688213bc5f70643deab5bdb02c0ae6c_JaffaCakes118
- Size
  
  570KB
- MD5
  
  1688213bc5f70643deab5bdb02c0ae6c
- SHA1
  
  b126be6cbc4543a57474a97bf8d4c439de56b4c2
- SHA256
  
  3aa6735651a8c21a6beff73d8c0a8ed8e7f5e62165a9f44e85cdedd063464252
- SHA512
  
  46798f5350024a6b8ca8303bc6c1cdd97ae13056ea722dd41bf72aaed9bdd627c024669ee4ba5bdc91efb0840965c86b929835f1acb64094705137c1a1cb9c6f
- SSDEEP
  
  6144:pXhlbaTbLY6VhaQOJz3utQd24SQ5J5HvoNQ/JyRpYrC:pXh5a7BV83utQd24JvorRpY
Score

10^/10

zloader bat1k2 bat1k2 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderbat1k2bat1k2botnettrojan

behavioral2

zloaderbat1k2bat1k2botnettrojan