General
-
Target
ohceoz.dll
-
Size
505KB
-
Sample
201014-2vt3fsm2bs
-
MD5
1b936459245a60fd925cdddb016f281e
-
SHA1
d68f6184149b3fec71bb1aa7ad8890b0fa3b4fbf
-
SHA256
49d7303aab08fdc92f4a19e794ff05b82b4286d2793cdef0f85821b7201ccacb
-
SHA512
f08fd9d323afa4c42fb2718d22095d7a28dbbffcc8651c7915d1f9f6d8ee71e7617eb7c18d30ffe49e01abf7cda606489745f4d121034fffed8b6639aae1d8ff
Malware Config
Extracted
zloader
divader
xls_spam_1310
https://fqnvsdaas.su/gate.php
https://fqnvtcpheas.su/gate.php
https://fqnvtmophfeas.ru/gate.php
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
Targets
-
-
Target
ohceoz.dll
-
Size
505KB
-
MD5
1b936459245a60fd925cdddb016f281e
-
SHA1
d68f6184149b3fec71bb1aa7ad8890b0fa3b4fbf
-
SHA256
49d7303aab08fdc92f4a19e794ff05b82b4286d2793cdef0f85821b7201ccacb
-
SHA512
f08fd9d323afa4c42fb2718d22095d7a28dbbffcc8651c7915d1f9f6d8ee71e7617eb7c18d30ffe49e01abf7cda606489745f4d121034fffed8b6639aae1d8ff
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-