General
-
Target
ebook_29.10.20.exe
-
Size
310KB
-
Sample
201029-sfamlcy2aj
-
MD5
cd1f5e41d727816c6ca5e6c073130df4
-
SHA1
5d9a72b2b721aa7834d3f3bb07225ce48d4bc3fb
-
SHA256
a1297a535f5ac9ca22d8c1200098eb01e16860ef3c840457f98000ac6a5087cc
-
SHA512
4f88ce58d61fa0eb4fc8ad2ce068a3044bcc7f205819cab5c39a998147f034869994c849ee022b487d3708d62167cc766d406e4310d301be1e51b1b1a7f3c588
Malware Config
Extracted
zloader
r1
r1
https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
Targets
-
-
Target
ebook_29.10.20.exe
-
Size
310KB
-
MD5
cd1f5e41d727816c6ca5e6c073130df4
-
SHA1
5d9a72b2b721aa7834d3f3bb07225ce48d4bc3fb
-
SHA256
a1297a535f5ac9ca22d8c1200098eb01e16860ef3c840457f98000ac6a5087cc
-
SHA512
4f88ce58d61fa0eb4fc8ad2ce068a3044bcc7f205819cab5c39a998147f034869994c849ee022b487d3708d62167cc766d406e4310d301be1e51b1b1a7f3c588
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Modifies service
-
Suspicious use of SetThreadContext
-