zloader | 8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2 | Triage

Resubmissions

14-02-2021 15:04

210214-9vhhccnxks 10

14-02-2021 14:13

210214-vw3zm8jwws 10

Sharing

General

Target

8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
Size

362KB
Sample

210214-vw3zm8jwws
MD5

d2852a3b2a20846528cec53426fd5f9c
SHA1

1fa892f9280708e7c82e958bec516bb2b09351f3
SHA256

8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
SHA512

247fae9f2c9bdca9d7eb4f44996e7e28d2cd9b7c87ea05a15b72ecb073750c8d9199d585771366687c43d802eb474e9486bb328d2984abeb4aacee62916ca2b6

Score

10^/10

zloader kev 08/02 botnet trojan

Malware Config

Extracted

Family

zloader

Botnet

kev

Campaign

08/02

C2

https://earfetti.com/post.php

https://evalynews.com/post.php

https://zeistatwalk.tk/post.php

https://spiraninendreamneu.tk/post.php

rc4.plain

rsa_pubkey.plain

Targets

- Target
  
  8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
- Size
  
  362KB
- MD5
  
  d2852a3b2a20846528cec53426fd5f9c
- SHA1
  
  1fa892f9280708e7c82e958bec516bb2b09351f3
- SHA256
  
  8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
- SHA512
  
  247fae9f2c9bdca9d7eb4f44996e7e28d2cd9b7c87ea05a15b72ecb073750c8d9199d585771366687c43d802eb474e9486bb328d2984abeb4aacee62916ca2b6
Score

10^/10

zloader kev 08/02 botnet trojan
- Zloader, Terdot, DELoader, ZeusSphinx
  Zloader is a malware strain that was initially discovered back in August 2015.
  trojan botnet zloader
- Blocklisted process makes network request
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

zloaderkev08/02botnettrojan

behavioral2

zloaderkev08/02botnettrojan