General
-
Target
zloader.zip
-
Size
215KB
-
Sample
201102-m1gx5xg3qj
-
MD5
997bf3f4e1b858f437e3916a16f8571a
-
SHA1
97bdc1a1c405061eaff42380169409b7a2440376
-
SHA256
e12450755cdf85c52828a894f67f759703aaa7b11c6fbdadea7cb5ac2e05e3cd
-
SHA512
4f873bb388097ad7463c5ce40a6c91242a9b21c918fd135f8ac15b9c05cdf87db709a5806d03a55c55244245f3d967904170fc01731922b8c559ee2ddb08d88e
Malware Config
Extracted
zloader
SG
SG
http://lastcost2020.com/LKhwojehDgwegSDG/gateJKjdsh.php
http://lastcost2020.in/LKhwojehDgwegSDG/gateJKjdsh.php
http://lastcost2020.info/LKhwojehDgwegSDG/gateJKjdsh.php
http://lastcost2020.net/LKhwojehDgwegSDG/gateJKjdsh.php
http://lastcost2020.org/LKhwojehDgwegSDG/gateJKjdsh.php
Targets
-
-
Target
zloader.exe
-
Size
319KB
-
MD5
5034b55a6c699f749cccefdaf5e0f9b6
-
SHA1
ab45d5c6f15387452182628cb0a126842f695517
-
SHA256
04fc25369aa79c99f817ec025ad70a5f4cd9e1503c499e5ec42ec5f92e23c9a4
-
SHA512
b4323ecddf7fa46866fb3ff42ebaa9cb6cf7a86047058f4e8c11bd2e8b7963bd1e20d0d2e8b78b1a09188a5398af45fc0f295fc2ec7147e87b0249e3ae4c9eab
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Loads dropped DLL
-
Suspicious use of SetThreadContext
-