zloader | c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2 | Triage

Sharing

General

Target

22c1b894002c6ffd1fdc2a75b48ddcda_JaffaCakes118
Size

723KB
Sample

240508-cmpa3sfg56
MD5

22c1b894002c6ffd1fdc2a75b48ddcda
SHA1

5037543f108882d6a0d5b1907d125d40e4126e32
SHA256

c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2
SHA512

67fe107a5bf13fa041eed46c4477ced5fd1af826cd6fc7e5b0661f3690d1a1eeeb69973ef9ccb50c13bc38740711ad0070daaa4b23ef49c9f28c164a881c4a67
SSDEEP

6144:GuPnPogxyU47hhfJHOtrfIx2yDsOyXMPfMPTPtP/PvPxPLPLPVPbPPxPTPDpP/PY:G4A8h4l1Rmr02GsOynnx9VQ

Score

10^/10

zloader bat1k3 bat1k3 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

bat1k3

Campaign

bat1k3

C2

http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php

http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
37

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  22c1b894002c6ffd1fdc2a75b48ddcda_JaffaCakes118
- Size
  
  723KB
- MD5
  
  22c1b894002c6ffd1fdc2a75b48ddcda
- SHA1
  
  5037543f108882d6a0d5b1907d125d40e4126e32
- SHA256
  
  c91229d90c423cd5b5bf870cec714e5c956058c62f4b2036607d44f1767c50d2
- SHA512
  
  67fe107a5bf13fa041eed46c4477ced5fd1af826cd6fc7e5b0661f3690d1a1eeeb69973ef9ccb50c13bc38740711ad0070daaa4b23ef49c9f28c164a881c4a67
- SSDEEP
  
  6144:GuPnPogxyU47hhfJHOtrfIx2yDsOyXMPfMPTPtP/PvPxPLPLPVPbPPxPTPDpP/PY:G4A8h4l1Rmr02GsOynnx9VQ
Score

10^/10

zloader bat1k3 bat1k3 botnet trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderbat1k3bat1k3botnettrojan

behavioral2

zloaderbat1k3bat1k3botnettrojan