General
-
Target
4B6.zip
-
Size
86KB
-
Sample
201029-sr34va37an
-
MD5
7a5d89481cb711c1407ac4e9585ca4c9
-
SHA1
3734ad637b19a16fadb05cf00a154689157589cf
-
SHA256
366483d9df1e98e0b15d709f81ddd6dfa97802cf99ac29ef15da688bb34001e2
-
SHA512
7aa95c4815eec17b096e5ecc6f908211f096b64ce0008785a8de7cba7a7c7b049054c8aa262d82cfc922980c51fae636a24b0ae47320a4f7b2730e2e5240e5be
Malware Config
Extracted
zloader
DLLobnova
huidadir
https://dsdjfhdsufudhjas.pro/gate.php
https://dsdjfhd9ddksaas.pro/gate.php
https://dsdjfhdsufudhjas.name/gate.php
https://dsdjfhd9ddksaas.com/gate.php
https://dsdjfhdsufudhjas.pw/gate.php
https://dsdjfhd9ddksaas.ru/gate.php
https://dsdjfhdsufudhjas.su/gate.php
https://kdsadisadijdsasm2.com/gate.php
https://dsdjfhdsufudhjas.net/gate.php
https://dsdjfhd9ddksaas.eu/gate.php
Targets
-
-
Target
4B6.dll
-
Size
155KB
-
MD5
0a2b1a930b0a1fd7dc11d9f41bb421bb
-
SHA1
728714e579851c4cbe1521eeb226413b24e64dbc
-
SHA256
fce153a561e6623a3b00af6a470e75802184f2f26563d874aa3d814b4dc6ae9c
-
SHA512
30c94322d54404a53ff60c5df4175ad4ce035ac7f29edbf646cf3b52620baded3ed905d7b9423a7f14f58ad2517b188f88d7c8d160fdab63648f1d2b0036794a
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-