General
-
Target
File2.exe
-
Size
210KB
-
Sample
201013-xs83jp8xjs
-
MD5
12368655038e920cb2ada7d34fac40dd
-
SHA1
fca002da98c91b019a3fab4639a4b6e4d0de43d7
-
SHA256
9f654fe304bd80d1114c515362319c59bc569a54cb445aacdf47672d56815da1
-
SHA512
caa8e284640c31ad4c7b86945a71ad46aa2eb8bb7e47358b67b5fa575cac2894ad5d8d41e26a7782d7e080d8126c2c377e7bcc8e3ff2f5785c9c60119c519d0e
Malware Config
Extracted
zloader
r1
r1
https://freebreez.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://makaronz.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://ricklick.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://litlblockblack.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://vaktorianpackif.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://hbamefphmqsdgkqojgwe.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://hoxfqvlgoabyfspvjimc.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://yrsfuaegsevyffrfsgpj.com/LKhwojehDgwegSDG/gateJKjdsh.php
Targets
-
-
Target
File2.exe
-
Size
210KB
-
MD5
12368655038e920cb2ada7d34fac40dd
-
SHA1
fca002da98c91b019a3fab4639a4b6e4d0de43d7
-
SHA256
9f654fe304bd80d1114c515362319c59bc569a54cb445aacdf47672d56815da1
-
SHA512
caa8e284640c31ad4c7b86945a71ad46aa2eb8bb7e47358b67b5fa575cac2894ad5d8d41e26a7782d7e080d8126c2c377e7bcc8e3ff2f5785c9c60119c519d0e
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext
-