General
-
Target
kFQR.dll
-
Size
277KB
-
Sample
201031-8cwbaek9f6
-
MD5
fd0a2b6c6203e4b56d8c73f6323d5d68
-
SHA1
e87f8d9f7e768f4169355ffda625a80f0e00decb
-
SHA256
a4711adb921498e7c74af3fd05daaa525f261e7044d457e905dad66767e5b8b4
-
SHA512
85bc1fd3fba441bbb67d6b75c3f058f2acec396299a012bc0c4ba5c1a5a105c712c54f258a58dc5ef2ef7789a58227d4ce99d14f53ceaf5c3cebdd44fe930c3a
Malware Config
Extracted
zloader
nut
30/10
https://creditoacumuladoicms.com.br/npnegt.php
https://morgadoent.co.za/fp3jsl.php
https://access-one.us/clkgmw.php
https://amazonuniverse.in/dgxcee.php
https://ntandingsundhosmala.tk/wp-smarts.php
Targets
-
-
Target
kFQR.dll
-
Size
277KB
-
MD5
fd0a2b6c6203e4b56d8c73f6323d5d68
-
SHA1
e87f8d9f7e768f4169355ffda625a80f0e00decb
-
SHA256
a4711adb921498e7c74af3fd05daaa525f261e7044d457e905dad66767e5b8b4
-
SHA512
85bc1fd3fba441bbb67d6b75c3f058f2acec396299a012bc0c4ba5c1a5a105c712c54f258a58dc5ef2ef7789a58227d4ce99d14f53ceaf5c3cebdd44fe930c3a
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Modifies service
-
Suspicious use of SetThreadContext
-