zloader | 21587aadce40fc29bdf220e3ad7b63e87f9210dcc3742cf77dc7544438b8db32

General

Target

bcb6960b9f204fe1a299e44d011964c3_JaffaCakes118
Size

155KB
Sample

240823-w5sk1a1hln
MD5

bcb6960b9f204fe1a299e44d011964c3
SHA1

9463ef0923c751223a676fd962d90345edf198ac
SHA256

21587aadce40fc29bdf220e3ad7b63e87f9210dcc3742cf77dc7544438b8db32
SHA512

1b075f1ae357e8d1af4a86c687a674a58991e108b2a7c2d45dda9119bc3d1f111c491176e034266efd741f687e203d4ee91d2a13d3f7ad74a06ebb69cd14dae1
SSDEEP

3072:h35KkzBoJJ9DGW4tJ80rV81TSFtIWzepbhfm4OPdvl7h8iCP:edDGpJ8+V8CtIauh+4udkiC

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

nut

Campaign

16/02

C2

https://wewalk.cl/post.php

https://dpack-co.com/post.php

https://dr-mirahmadi.ir/post.php

https://indiaastrologyfoundation.in/post.php

https://metisacademy.ir/post.php

https://lan-samarinda.com/post.php

https://pyouleigorgawimbwans.tk/post.php

Attributes

build_id
351

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  bcb6960b9f204fe1a299e44d011964c3_JaffaCakes118
- Size
  
  155KB
- MD5
  
  bcb6960b9f204fe1a299e44d011964c3
- SHA1
  
  9463ef0923c751223a676fd962d90345edf198ac
- SHA256
  
  21587aadce40fc29bdf220e3ad7b63e87f9210dcc3742cf77dc7544438b8db32
- SHA512
  
  1b075f1ae357e8d1af4a86c687a674a58991e108b2a7c2d45dda9119bc3d1f111c491176e034266efd741f687e203d4ee91d2a13d3f7ad74a06ebb69cd14dae1
- SSDEEP
  
  3072:h35KkzBoJJ9DGW4tJ80rV81TSFtIWzepbhfm4OPdvl7h8iCP:edDGpJ8+V8CtIauh+4udkiC
Score

10^/10

zloader nut 16/02 botnet discovery trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader, Terdot, DELoader, ZeusSphinx

Blocklisted process makes network request

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2