General
-
Target
1255.zip
-
Size
184KB
-
Sample
201102-t38ga6lpde
-
MD5
7f466a68e9425fc989a164a4f1e8239a
-
SHA1
c2afb9f3f8ff438818bdce9938dd0bf436d8c8da
-
SHA256
cfc1944acff90935f9c7e42939d6384dfeaac9c9e481314b97b2033238d9c83f
-
SHA512
b2ae2c8703697e7438cdb7396d70c9a384cd68f040d94dfae5c861264a1a6548e01eb104d47775ed9381e8a31667eacbc7bf9a109755fb32414d6f4aeddd8665
Malware Config
Extracted
zloader
DLLobnova
cookiesfix
https://fdsjfjdsfjdsdsjajjs.com/gate.php
https://idisaudhasdhasdj.com/gate.php
https://dsjdjsjdsadhasdas.com/gate.php
https://dsdjfhdsufudhjas.com/gate.php
https://dsdjfhdsufudhjas.info/gate.php
https://fdsjfjdsfjdsdsjajjs.info/gate.php
https://idisaudhasdhasdj.info/gate.php
https://dsdjfhdsufudhjas.pro/gate.php
https://dsdjfhd9ddksaas.pro/gate.php
Targets
-
-
Target
1255.dll
-
Size
314KB
-
MD5
d31b05ee7a806f3ffa827a4586478e92
-
SHA1
ec614f83758247b25d5699013a8dd7bf7f597bf2
-
SHA256
10fef4095658c0e9ace83a11bf287add9a36d30fb4b037fc89f3e32388e6f652
-
SHA512
559a69b92ccda30a79f33e0b967c269c5ce8d377a648514bb45af86c909c5c784a461da8c1e940a06f5cc2d3e7020b97f98c71da6cb886a2d308102814a8f177
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blacklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-