General
-
Target
6058c6ad67825611365e2b30a4e8641f898a1f04c3d4edc4fc228ea7a5b5cb20
-
Size
403KB
-
Sample
201014-cvstngw8we
-
MD5
2fa9a6772967402049fd2e1b742e5fa9
-
SHA1
9a822c5aefffe744b9b02a1d7b8f53087626b3ef
-
SHA256
6058c6ad67825611365e2b30a4e8641f898a1f04c3d4edc4fc228ea7a5b5cb20
-
SHA512
a1be17283143ac6973ee8b716747f46441c1ed8496735f211e03266831df88c72f6fdf5d925678dcf0a422a4bf326f10993386da015aa76efb85fab59eb9bff7
Malware Config
Extracted
zloader
divader
xls_spam_1310
https://fqnvsdaas.su/gate.php
https://fqnvtcpheas.su/gate.php
https://fqnvtmophfeas.ru/gate.php
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
Targets
-
-
Target
6058c6ad67825611365e2b30a4e8641f898a1f04c3d4edc4fc228ea7a5b5cb20
-
Size
403KB
-
MD5
2fa9a6772967402049fd2e1b742e5fa9
-
SHA1
9a822c5aefffe744b9b02a1d7b8f53087626b3ef
-
SHA256
6058c6ad67825611365e2b30a4e8641f898a1f04c3d4edc4fc228ea7a5b5cb20
-
SHA512
a1be17283143ac6973ee8b716747f46441c1ed8496735f211e03266831df88c72f6fdf5d925678dcf0a422a4bf326f10993386da015aa76efb85fab59eb9bff7
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-