General
-
Target
oOqVGCp.dll
-
Size
503KB
-
Sample
201015-k7mlf4l73s
-
MD5
967fc92dd482ba903c0d5f6e4358d461
-
SHA1
b3a7bc04095385d0a7d1722b4cc4e25ad3712e31
-
SHA256
e328b59a03281b6847e8b69c31833e912320972b7653e5824d6c081a356d2a63
-
SHA512
90cdebfa5758e964511b465b2a4382fb8963974d695ed62c87c62b87a4b75b71d62f8c58426c644cd3c8c6570ded6f923a429aee1530015f97fa687134a6ddc5
Malware Config
Extracted
zloader
divader
poll
https://fqnvsdaas.su/gate.php
https://fqnvtcpheas.su/gate.php
https://fqnvtmophfeas.ru/gate.php
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
Targets
-
-
Target
oOqVGCp.dll
-
Size
503KB
-
MD5
967fc92dd482ba903c0d5f6e4358d461
-
SHA1
b3a7bc04095385d0a7d1722b4cc4e25ad3712e31
-
SHA256
e328b59a03281b6847e8b69c31833e912320972b7653e5824d6c081a356d2a63
-
SHA512
90cdebfa5758e964511b465b2a4382fb8963974d695ed62c87c62b87a4b75b71d62f8c58426c644cd3c8c6570ded6f923a429aee1530015f97fa687134a6ddc5
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-