General
Target: tfR5r4pw
Size: 634KB
Sample: 200702-7gtctk4t9x
MD5: 004d3ff1fe0ec1d0a90913f1238f293f
SHA1: fe3a1f35f5c21ce72a1ef05cbf2824a51827a5f2
SHA256: 3dd800b875aa0ef2fa0923babdd4b162555a1c3ff3c58e9291d45fff82389816
SHA512: d8ad97df2d05d9ab88ed3e96e2e7c24efb57ec090737943f52548b1c39e2de9eaf270e20baa0728a31ffdc8745444abf18c07dbca4cce3f3a553c0709d8693ea
Static task: static1
Behavioral task: behavioral1
Sample: tfR5r4pw.dll
Resource: win7

Malware Config
Extracted: zloader
nut
02/07
Targets
Target: tfR5r4pw
Score: 10/10
- Suspicious use of NtCreateProcessExOtherParentProcess
- Suspicious use of NtCreateUserProcessOtherParentProcess
- ServiceHost packer: Detects ServiceHost packer used for .NET malware
- Blacklisted process makes network request
- Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials etc.
- Modifies service
- Suspicious use of SetThreadContext