General
-
Target
PSCavX9M
-
Size
468KB
-
Sample
200708-x8yy9dqx92
-
MD5
f5e5d82309619334c508544cd9a20e63
-
SHA1
9820fde0873ec93779f619973544d047a8bd8afb
-
SHA256
1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf
-
SHA512
85bb57c0eca4855db98f5dda944f2788fde758ac3992409a147fb21a334b0db06ce61e294ff528f868f1517d39e41345c315aa5ddcc7f8ccec49d161bdde00b4
Static task
static1
Behavioral task
behavioral1
Sample
PSCavX9M.dll
Resource
win7
Malware Config
Extracted
zloader
kev
07/07
Targets
-
-
Target
PSCavX9M
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Blacklisted process makes network request
-
Suspicious use of SetThreadContext
-