General
Target: emgaucb.zip
Size: 85KB
Sample: 201030-8tatj1qptn
MD5: 546c3667481d46c74a252e86c7827c32
SHA1: 66ca07a4401152868dbea78b5aceb3167f180d57
SHA256: 263864ca69a91ebfdfff0db6d044cd597198362ed4da830d260b142c4fe6f7c4
SHA512: 03046d89559c542f52c53f449e9defd73ac7c10e595ff08b696fc68db0e9f36ed91ce9c4681336b1aa03d85675f320ec00620442eede5937730977d675976de4
Static task: static1
Behavioral task: behavioral1
Sample: emgaucb.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: emgaucb.dll
Resource: win10v20201028
Malware Config
Extracted
zloader
DLLobnova
02.09.2020dll
Targets
Target: emgaucb.dll
Size: 152KB
MD5: b035e24d80b7460ead4a95d0894ec36d
SHA1: d7e1da5a2e7c8655781806f74f7d5d71112ada88
SHA256: 9f5ae7544311e1c85c7452df11f0d7943f1a970f71a8d3bc7b9b062c71830242
SHA512: 3fb2896bc20875a2359af20fdfb7593909f378625fa8fb97a64d8db6111e8e9c5e61af296620093f9e782026d6d91b662a14242ac46c593940373e74e3c26205
Adds Run key to start application
Suspicious use of SetThreadContext