General
-
Target
sRjbEZvCFOESXQJ.zip
-
Size
172KB
-
Sample
201031-dth4hbrm2s
-
MD5
970fb7f81dccb26231d72a9408c12ada
-
SHA1
baa78f8e70ef50cb9c156efe477e2c87d18be820
-
SHA256
3f5d16995b125b821d56f5ba689fa5024edd25e784b0ce32440546b3cbd1c805
-
SHA512
060e8bc662a789a3b89229e89fcd062b6f255120fa256f96c3afeff2f446b3415ddc8c21b67136b13bc3dfd55c96d1fb779d9b11dc4430f639f5fb0f3fc7be49
Malware Config
Extracted
zloader
main
01.04.2020
https://postgringos.com/sound.php
https://tetraslims.com/sound.php
https://starterdatas.com/sound.php
https://nexycombats.com/sound.php
https://hibsurf.com/sound.php
https://buhismus.com/sound.php
https://spensores.com/sound.php
https://zonaa.org/sound.php
https://smoash.org/sound.php
Targets
-
-
Target
sRjbEZvCFOESXQJ.dll
-
Size
708KB
-
MD5
fcb76558dbf86a26c4bdd2811d5d06b6
-
SHA1
dabfb88a8dea9c8c258be021a3d190e145a65847
-
SHA256
81a9eb444ffc7c5a700d4da6198c2f929d0e312d38667b9d3e29740eccabca3f
-
SHA512
01f4f2457a7660fed51afb1b99f856eaae1398d4e8291c91adf1fdd7343f68e16a18d6e3054f2c6d063b785b51ccc3da4da6aae3544a697902aa70716ad96471
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-