General
-
Target
4A44.zip
-
Size
162KB
-
Sample
201030-9vldlwv2as
-
MD5
50013e32d8ae5acd39cf70d1bbf345ea
-
SHA1
fc67d2fbe30c94e0f70d2b55a9f3349c3258def6
-
SHA256
ce6b1f7e040f5c6470249fff31470d21b56b9443f91cf930cf450bc8bbcc6dc2
-
SHA512
346c936fc7d492dccd7e1ce34da5d5789e9b0a0bcbc56c532f592c4366b883a8f819f9079b7f0cf7884ec7d413b34da96d0b48abdb3a90f00641616638d6b0fe
Malware Config
Extracted
zloader
DLLobnova
mrlapis
https://dsdjfhdsufudhjas.pro/gate.php
https://dsdjfhd9ddksaas.pro/gate.php
https://dsdjfhdsufudhjas.name/gate.php
https://dsdjfhd9ddksaas.com/gate.php
https://dsdjfhdsufudhjas.pw/gate.php
https://dsdjfhd9ddksaas.ru/gate.php
https://dsdjfhdsufudhjas.su/gate.php
https://kdsadisadijdsasm2.com/gate.php
https://dsdjfhdsufudhjas.net/gate.php
https://dsdjfhd9ddksaas.eu/gate.php
Targets
-
-
Target
4A44.dll
-
Size
240KB
-
MD5
28d032b4df55d51608542d1e7ba25fcb
-
SHA1
99253bf06887ef18e0a6e56ec2ede6a00e20f51b
-
SHA256
2dbcd5f55783002240c9937cf50e23edc37905b08ed568ffe92347802fd8e219
-
SHA512
4afe271583fc80d1333f3116b4fe33aac80a326a865fcd58a781755677d07d41d4d65223d078490c4e900a72f821b37b89c384b617ca14d9d1c431fa555aeb2d
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-