General
-
Target
a292511df94352fa685f2233d56c7310.dll
-
Size
509KB
-
Sample
201017-pm4xcb2vq2
-
MD5
a292511df94352fa685f2233d56c7310
-
SHA1
7d935b49414af019d758365af2d821f3c30242e6
-
SHA256
f8a18069037f638bd441000534be458fd218578f750665cc3fe49e979ea40173
-
SHA512
e163d684f61100fe0a6e1a0e4a16cb28bfb35ca71788b543a68ddf2bde881ba4ea8242d3e0219329553a7f09edc24d57a8e62d53c11dc32200cf5bc7d45820a7
Malware Config
Extracted
zloader
divader
poll
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
https://uookqihwdid.ru/gate.php
https://iqowijsdakm.ru/gate.php
https://wiewjdmkfjn.ru/gate.php
Targets
-
-
Target
a292511df94352fa685f2233d56c7310.dll
-
Size
509KB
-
MD5
a292511df94352fa685f2233d56c7310
-
SHA1
7d935b49414af019d758365af2d821f3c30242e6
-
SHA256
f8a18069037f638bd441000534be458fd218578f750665cc3fe49e979ea40173
-
SHA512
e163d684f61100fe0a6e1a0e4a16cb28bfb35ca71788b543a68ddf2bde881ba4ea8242d3e0219329553a7f09edc24d57a8e62d53c11dc32200cf5bc7d45820a7
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Modifies service
-
Suspicious use of SetThreadContext
-