General
-
Target
9TE15
-
Size
433KB
-
Sample
200707-7wp2rrn6l2
-
MD5
89fbc889caf9e9015b1ee438d1e2f907
-
SHA1
71fac1254ea1757a88f76a589a575b5e7ba011e9
-
SHA256
f28dd082013ee7df2f5956c4e8791e863e575aa64071af9a910826bc12d27acb
-
SHA512
3ae5e9896dc732f4fe28bb6dc2fc2410702dd4e80cd72cfda6111bd7b2e6ae9ff3447c9024f15af7a640e538af0eb5aed1733421f1c5cd9aabd640325cfb8af6
Malware Config
Extracted
zloader
nut
06/07
https://acrilicossp.com.br/wp-parsing.php
https://neterscunverssuf.gq/wp-parsing.php
https://afdah2.com/wp-parsing.php
https://ajacademys.com/wp-parsing.php
https://aydninsaat.com/wp-parsing.php
https://bludelego.it/wp-parsing.php
https://chwasinsvolanrosti.gq/wp-parsing.php
https://bnegg.vn/wp-parsing.php
Targets
-
-
Target
9TE15
-
Size
433KB
-
MD5
89fbc889caf9e9015b1ee438d1e2f907
-
SHA1
71fac1254ea1757a88f76a589a575b5e7ba011e9
-
SHA256
f28dd082013ee7df2f5956c4e8791e863e575aa64071af9a910826bc12d27acb
-
SHA512
3ae5e9896dc732f4fe28bb6dc2fc2410702dd4e80cd72cfda6111bd7b2e6ae9ff3447c9024f15af7a640e538af0eb5aed1733421f1c5cd9aabd640325cfb8af6
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Suspicious use of SetThreadContext
-