General
-
Target
VrSiekwRtfHPpfg.zip
-
Size
147KB
-
Sample
201030-5r591m4z3s
-
MD5
50068e2f9929b59d1ddec2fa99541ec0
-
SHA1
20be8bf291951cbbb6968add243935811a09530d
-
SHA256
982f7500758a88830ac99f1757113ada4d64178185a2b99a9c790d650eeae69a
-
SHA512
3f08a428a954befb0dfc7d43e7d2a31e083ad99655a27f90d95ee74bc6d870d1afe652e216eb5084c7e83c4a0054a620e3b72a2e9037b8f898e1e3db1e84ab09
Malware Config
Extracted
zloader
main
29.03.2020
https://postgringos.com/sound.php
https://tetraslims.com/sound.php
https://greenrumba.com/sound.php
https://starterdatas.com/sound.php
https://nexycombats.com/sound.php
https://peermems.com/sound.php
https://fotonums.com/sound.php
https://hibsurf.com/sound.php
https://buhismus.com/sound.php
https://spensores.com/sound.php
Targets
-
-
Target
VrSiekwRtfHPpfg.dll
-
Size
829KB
-
MD5
24f98dee17042e0bd3f723f7bbfa839f
-
SHA1
10123cbacb225b078c8e0a847da9e020bc0119e1
-
SHA256
8542bf1c3c7532f11fc39b4b6a20a08ef5bd0c8d42e3262028d4ffdbc5aa88f8
-
SHA512
0db0794e2547015695e40db1d419c944f1d955aa3f3ae3b673900f995b9a45126097f4a6a6029dbe7bfb87ed694bc024f720b05172332b1f41a8600a8bfd3b6f
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-