General
-
Target
YCRkFXS.dll
-
Size
764KB
-
Sample
201016-qne9lm4nr2
-
MD5
1d36338becdf76e5245665e2833d8a38
-
SHA1
1c2c449a06873070a3e154069c8a71de3d6e908d
-
SHA256
15737d37308fb5a8745afb8c34249e387bad9b1d001f2fcaa44b8c0333286861
-
SHA512
391dfaab6326b9066d2be333eff53aab2c74a006fae5be93961d0bf1766d8ffb09c950093bbdcb7276047f574ba544f44c5f0835c0a0f3e764f02455fb375176
Malware Config
Extracted
zloader
divader
poll
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
https://uookqihwdid.ru/gate.php
https://iqowijsdakm.ru/gate.php
https://wiewjdmkfjn.ru/gate.php
Targets
-
-
Target
YCRkFXS.dll
-
Size
764KB
-
MD5
1d36338becdf76e5245665e2833d8a38
-
SHA1
1c2c449a06873070a3e154069c8a71de3d6e908d
-
SHA256
15737d37308fb5a8745afb8c34249e387bad9b1d001f2fcaa44b8c0333286861
-
SHA512
391dfaab6326b9066d2be333eff53aab2c74a006fae5be93961d0bf1766d8ffb09c950093bbdcb7276047f574ba544f44c5f0835c0a0f3e764f02455fb375176
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-