zloader | edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55 | Triage

Sharing

General

Target

zloader 2_1.2.24.0.vir
Size

522KB
Sample

200719-tna9m3npyx
MD5

c1918f37dd75bfdb3f35e970eea9c1a3
SHA1

80021e8fbc2720209df1ba35cb5f1d4cc5935b97
SHA256

edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
SHA512

7219513a77cb312d8fa209524d91d100ac0e6790bac7b12a600ebbaa97195dc09c7cd9034262049efab778c02c2c072708b73f746283e9046545df1030e4add3

Score

10^/10

zloader may4 may4dukeexe botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

may4

Campaign

may4dukeexe

C2

http://april30x3domain.com/post.php

http://april30domain.com/post.php

rc4.plain

Targets

- Target
  
  zloader 2_1.2.24.0.vir
- Size
  
  522KB
- MD5
  
  c1918f37dd75bfdb3f35e970eea9c1a3
- SHA1
  
  80021e8fbc2720209df1ba35cb5f1d4cc5935b97
- SHA256
  
  edb9d542cbc5ab07fd52792e20294f82b51de49c3d32938cbd9b55b2374d2b55
- SHA512
  
  7219513a77cb312d8fa209524d91d100ac0e6790bac7b12a600ebbaa97195dc09c7cd9034262049efab778c02c2c072708b73f746283e9046545df1030e4add3
Score

10^/10

trojan botnet zloader
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

trojanbotnetzloader

behavioral2