General
-
Target
78e34b21a5786410919826ed63c6c65ced1120074800f7349e772476cdbafc78
-
Size
403KB
-
Sample
201014-1sk6yhylk6
-
MD5
f581dc22f9c9ea6d1a46f2505047ad99
-
SHA1
1a9e0d06650ae183366e1b533a431486daf083db
-
SHA256
78e34b21a5786410919826ed63c6c65ced1120074800f7349e772476cdbafc78
-
SHA512
b98ede1d7bb0cda172852fb51b5139300857f3e378e77071c39ac857c1df34816053d902b9441092c63857e36af253d91446bc4db324daa7a3cc5451439e1ca9
Malware Config
Extracted
zloader
divader
xls_spam_1310
https://fqnvsdaas.su/gate.php
https://fqnvtcpheas.su/gate.php
https://fqnvtmophfeas.ru/gate.php
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
Targets
-
-
Target
78e34b21a5786410919826ed63c6c65ced1120074800f7349e772476cdbafc78
-
Size
403KB
-
MD5
f581dc22f9c9ea6d1a46f2505047ad99
-
SHA1
1a9e0d06650ae183366e1b533a431486daf083db
-
SHA256
78e34b21a5786410919826ed63c6c65ced1120074800f7349e772476cdbafc78
-
SHA512
b98ede1d7bb0cda172852fb51b5139300857f3e378e77071c39ac857c1df34816053d902b9441092c63857e36af253d91446bc4db324daa7a3cc5451439e1ca9
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-