General
-
Target
apWcvEt.dll
-
Size
503KB
-
Sample
201015-ztzpj1kpvs
-
MD5
d16a18eb3dd8301fa08a699b71dace44
-
SHA1
10ebdfcb090075785e576858528a3c51c8d2b8a8
-
SHA256
ea2f669164d78dda6cfa73ec8cf823944855d3cd711714694bde177feba932f9
-
SHA512
7d7aac5d0fb78c01f0b4d1e340fd2c348be1c6b14181e924bf08ae7d2ee14e038799e72e2032939e94d28f909996f99d8f370e29dcff670dfd4ae12e5da586a5
Malware Config
Extracted
zloader
divader
xls_spam_1310
https://fqnvsdaas.su/gate.php
https://fqnvtcpheas.su/gate.php
https://fqnvtmophfeas.ru/gate.php
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
Targets
-
-
Target
apWcvEt.dll
-
Size
503KB
-
MD5
d16a18eb3dd8301fa08a699b71dace44
-
SHA1
10ebdfcb090075785e576858528a3c51c8d2b8a8
-
SHA256
ea2f669164d78dda6cfa73ec8cf823944855d3cd711714694bde177feba932f9
-
SHA512
7d7aac5d0fb78c01f0b4d1e340fd2c348be1c6b14181e924bf08ae7d2ee14e038799e72e2032939e94d28f909996f99d8f370e29dcff670dfd4ae12e5da586a5
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-