zloader | 74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533

General

Target

74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533.exe
Size

194KB
Sample

240821-b7d56sxhkn
MD5

09874cbb134851ff3b971960916ce5bb
SHA1

42d32698f9513024f024eb6d1efcd9532ac1f622
SHA256

74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533
SHA512

502189cc108e8c8034d957a9b6b32c29731f9a4d0811ffd147ab3ff516144521c77234c1d114694b070965c4300f36410b607828cb961c56649e04cdd697ee05
SSDEEP

3072:+ELHCmCilCQ9khN5/empqIDq2mKtku4V6TQX6jk8Z/lFcXqR6U:+ELIZQ9kz5/em/DqxKSgTQY3qtU

Score

10^/10

zloader r1 r1 botnet discovery trojan

Malware Config

Extracted

Family

zloader

Botnet

r1

Campaign

r1

C2

https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php

https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php

https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php

https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php

Attributes

build_id
125

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533.exe
- Size
  
  194KB
- MD5
  
  09874cbb134851ff3b971960916ce5bb
- SHA1
  
  42d32698f9513024f024eb6d1efcd9532ac1f622
- SHA256
  
  74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533
- SHA512
  
  502189cc108e8c8034d957a9b6b32c29731f9a4d0811ffd147ab3ff516144521c77234c1d114694b070965c4300f36410b607828cb961c56649e04cdd697ee05
- SSDEEP
  
  3072:+ELHCmCilCQ9khN5/empqIDq2mKtku4V6TQX6jk8Z/lFcXqR6U:+ELIZQ9kz5/em/DqxKSgTQY3qtU
Score

10^/10

zloader r1 r1 botnet discovery trojan
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtCreateUserProcessOtherParentProcess

Zloader, Terdot, DELoader, ZeusSphinx

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2