General
-
Target
umaq.zip
-
Size
165KB
-
Sample
201021-cyncgrbf5a
-
MD5
21fd713c710f2e865a8b1ed9a6e9f4cf
-
SHA1
59ddd7a44e5688974422778dd3f994f5c1bfb856
-
SHA256
83ebe997a131b0cdae96cbee50b5f715f097532ef0072cefb22ce1b785b90ddb
-
SHA512
a36fdcd61d8bd99560f6792fc4e56578b3e4ee28230c955eba5a12cf8f2942f3de17ba59a83d5377bcc617325af857e173922ecef0934d13f36e495dc4e056bf
Malware Config
Extracted
zloader
SG
SG
https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
Targets
-
-
Target
umaq.exe
-
Size
235KB
-
MD5
38d8887c6f054a8a656a2edab0ff05e8
-
SHA1
4d73cb1626d0503dfa995d1f3eaed42abbaf564a
-
SHA256
1c11560d616c8994f2eff41bb8fc2f2125f28462c5949f3f6d284e0fc629ff37
-
SHA512
dd1f25b594a3309a5a17c8001fc2ef0c4fe1254b8eb90f7041de165e17f235915467751311e87041782c48168092b22bff416247eeb9ebea22681599840cdef1
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Modifies service
-
Suspicious use of SetThreadContext
-