General
-
Target
e579b841c81d8b378c0f66349a339bb6e50b9d00bfd79d67464c4ad221f3301b.bin
-
Size
176KB
-
Sample
200914-ywfrktzsma
-
MD5
4a14e13367267b4ceeb34ed517e9f5c7
-
SHA1
ba55280201bc5115f4e7ca1a04f0f809db668bbc
-
SHA256
e579b841c81d8b378c0f66349a339bb6e50b9d00bfd79d67464c4ad221f3301b
-
SHA512
8ed032bace723e85ed6bf7a7b28d0953d1c8f92fefd26fc4b821c43ee2c4c9b32c03eb9c09a3c477f4f5696a115461720198f38f587da607fd62fef8d13e56f2
Malware Config
Extracted
zloader
DLLobnova
02.09.2020exe
https://fqnvtmqsywublocpheas.ru/gate.php
https://fqnvtmqsywublocpheas.su/gate.php
https://fqnvtmqsywublocpheas.eu/gate.php
https://fqnvtmqsywublocpheas.net/gate.php
https://fqnvtmqsywublocpheas.online/gate.php
https://fqnvtmqsywublocpheas.info/gate.php
https://dkssdsakdksawoiiokd.net/gate.php
https://dkssfksjafsanfsafsa.info/gate.php
https://fjafjasfisdhsdsdsasfs.info/gate.php
https://fksafjsafsfsfsfsasa.info/gate.php
Targets
-
-
Target
e579b841c81d8b378c0f66349a339bb6e50b9d00bfd79d67464c4ad221f3301b.bin
-
Size
176KB
-
MD5
4a14e13367267b4ceeb34ed517e9f5c7
-
SHA1
ba55280201bc5115f4e7ca1a04f0f809db668bbc
-
SHA256
e579b841c81d8b378c0f66349a339bb6e50b9d00bfd79d67464c4ad221f3301b
-
SHA512
8ed032bace723e85ed6bf7a7b28d0953d1c8f92fefd26fc4b821c43ee2c4c9b32c03eb9c09a3c477f4f5696a115461720198f38f587da607fd62fef8d13e56f2
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext
-