General
-
Target
ad213eaf7436c9ebd4d1e3fe24ce4963a8d878b1b625198d5c8085c383f580dd_top_dllD23df_xlsp.c1
-
Size
636KB
-
Sample
201019-yzdlz13d4a
-
MD5
a31735e7cbd08a44f3e06b63f697b44d
-
SHA1
c7a2b7efa1380039215129968f60afd6ebed05c3
-
SHA256
ad213eaf7436c9ebd4d1e3fe24ce4963a8d878b1b625198d5c8085c383f580dd
-
SHA512
7904cdbdb27a4d5fd553558c4bfc578fe0293f5663a5a98a5a4eebadc6f448b1ccc5e97c20e27c8033fd11189a24d5ac585940d98ea7b15137908051134a49c7
Malware Config
Extracted
zloader
divader
poll
https://fqnceas.su/gate.php
https://fqlocpeas.ru/gate.php
https://dksaiijn.ru/gate.php
https://dksafjasnf.su/gate.php
https://fjsafasfsa.ru/gate.php
https://fjskoijafsa.ru/gate.php
https://kochamkkkras.ru/gate.php
https://uookqihwdid.ru/gate.php
https://iqowijsdakm.ru/gate.php
https://wiewjdmkfjn.ru/gate.php
Targets
-
-
Target
ad213eaf7436c9ebd4d1e3fe24ce4963a8d878b1b625198d5c8085c383f580dd_top_dllD23df_xlsp.c1
-
Size
636KB
-
MD5
a31735e7cbd08a44f3e06b63f697b44d
-
SHA1
c7a2b7efa1380039215129968f60afd6ebed05c3
-
SHA256
ad213eaf7436c9ebd4d1e3fe24ce4963a8d878b1b625198d5c8085c383f580dd
-
SHA512
7904cdbdb27a4d5fd553558c4bfc578fe0293f5663a5a98a5a4eebadc6f448b1ccc5e97c20e27c8033fd11189a24d5ac585940d98ea7b15137908051134a49c7
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-