zloader | aa8fc19f16e4e185f6464d2e18ec7731c235d2b0d364f76965cf5967d5eef613

General

Target

aa8fc19f16e4e185f6464d2e18ec7731c235d2b0d364f76965cf5967d5eef613.dll
Size

491KB
Sample

250314-echfws11ft
MD5

b57e40b039858fd23e0f25a03db376ad
SHA1

7f3cf3274cbf83233aeda6074362216b91d34cbd
SHA256

aa8fc19f16e4e185f6464d2e18ec7731c235d2b0d364f76965cf5967d5eef613
SHA512

d1b64eec36780e56f3fdf57be8c2c24f08554eba8ffb29c38959d4064cd1e24c04183d71cb820d29a21efa37ade67c723b5c0137e0ca134c9e6c3f7861a9753f
SSDEEP

12288:uDKxKMk8PhMNo+e8kGOK9ab4ozUWdBENcYcj6D9r6W3FaOi:uDjMk8ZMNYnGOSSjgW41QEv1aO

Score

10^/10

Malware Config

Extracted

Family

zloader

Botnet

June08

Campaign

June

C2

http://snnmnkxdhflwgthqismb.com/post.php

http://nlbmfsyplohyaicmxhum.com/post.php

Attributes

build_id
149

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  aa8fc19f16e4e185f6464d2e18ec7731c235d2b0d364f76965cf5967d5eef613.dll
- Size
  
  491KB
- MD5
  
  b57e40b039858fd23e0f25a03db376ad
- SHA1
  
  7f3cf3274cbf83233aeda6074362216b91d34cbd
- SHA256
  
  aa8fc19f16e4e185f6464d2e18ec7731c235d2b0d364f76965cf5967d5eef613
- SHA512
  
  d1b64eec36780e56f3fdf57be8c2c24f08554eba8ffb29c38959d4064cd1e24c04183d71cb820d29a21efa37ade67c723b5c0137e0ca134c9e6c3f7861a9753f
- SSDEEP
  
  12288:uDKxKMk8PhMNo+e8kGOK9ab4ozUWdBENcYcj6D9r6W3FaOi:uDjMk8ZMNYnGOSSjgW41QEv1aO
Score

10^/10

zloader june08 june botnet discovery trojan
- Zloader family
  zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Zloader family

Zloader, Terdot, DELoader, ZeusSphinx

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2