General
-
Target
zloader.dll
-
Size
152KB
-
Sample
201028-x9sp6w2nv6
-
MD5
b035e24d80b7460ead4a95d0894ec36d
-
SHA1
d7e1da5a2e7c8655781806f74f7d5d71112ada88
-
SHA256
9f5ae7544311e1c85c7452df11f0d7943f1a970f71a8d3bc7b9b062c71830242
-
SHA512
3fb2896bc20875a2359af20fdfb7593909f378625fa8fb97a64d8db6111e8e9c5e61af296620093f9e782026d6d91b662a14242ac46c593940373e74e3c26205
Malware Config
Extracted
zloader
DLLobnova
02.09.2020dll
https://fqnvtmqsywublocpheas.ru/gate.php
https://fqnvtmqsywublocpheas.su/gate.php
https://fqnvtmqsywublocpheas.eu/gate.php
https://fqnvtmqsywuikdjsmasablocpheas.eu/gate.php
https://fqnssvtmqsywufblocpheas.eu/gate.php
https://fqnvtmqsywublfocpheas.eu/gate.php
https://fqnvtmqsyfwublocpheas.eu/gate.php
https://fqnvtmqsywubflocpheas.eu/gate.php
Targets
-
-
Target
zloader.dll
-
Size
152KB
-
MD5
b035e24d80b7460ead4a95d0894ec36d
-
SHA1
d7e1da5a2e7c8655781806f74f7d5d71112ada88
-
SHA256
9f5ae7544311e1c85c7452df11f0d7943f1a970f71a8d3bc7b9b062c71830242
-
SHA512
3fb2896bc20875a2359af20fdfb7593909f378625fa8fb97a64d8db6111e8e9c5e61af296620093f9e782026d6d91b662a14242ac46c593940373e74e3c26205
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-