General
-
Target
befa9f5bf600be688d04c8f12601c15b.dll
-
Size
509KB
-
Sample
201017-kv2yppebya
-
MD5
befa9f5bf600be688d04c8f12601c15b
-
SHA1
1588dc5943b4a2dd92f9bdb00d8dccf830e5e567
-
SHA256
2146f27b05e76eac964c664ee1e6df16679ed030305b7ebe2298a606d03cdff3
-
SHA512
55654b53529369ad748eda9bb592e05cc630f8a7003b320992e2e67050d20dea091fbcd014f9565425dac03d402f9e8d2a14a56b54419bb42a0558ee336ef48d
Static task
static1
Behavioral task
behavioral1
Sample
befa9f5bf600be688d04c8f12601c15b.dll
Resource
win7
Behavioral task
behavioral2
Sample
befa9f5bf600be688d04c8f12601c15b.dll
Resource
win10v200722
Malware Config
Extracted
zloader
divader
poll
Targets
Score
10/10
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-