General
- Target: 2d742c7cfeab4431589c2516392b52a02a1b7b9816d399b62824accf4bcd59e1.dll
- Size: 278KB
- Sample: 201105-5ddpd3tj7s
- MD5: b169aa7731c4afba6e9126da8d34417c
- SHA1: 60acfbd81d9012e1279a44c1ca8c81aaee36c086
- SHA256: 2d742c7cfeab4431589c2516392b52a02a1b7b9816d399b62824accf4bcd59e1
- SHA512: 4aca3e1f14ab63e1de9e986b87d860608db18b5bacc6980a6a65e11d59eaf6811227f3187b4d4985afacbe813765b0447ef56be5067cd9258d4ee1c727ae3a1b
Static task
- static1

Malware Config
Extracted
- zloader
- usa
- oct29USA
- http://wingtonwelbemdon.com/web/post.php
- http://donburitimesofindia.com/web/post.php
- http://celtictimesofkarishan.com/web/post.php
- http://welcometothehotelsoflifes.com/web/post.php
- http://wheredidtheelllcctoncsgo.com/web/post.php
- http://myworld2002020999.com/web/post.php
Targets
- Target: 2d742c7cfeab4431589c2516392b52a02a1b7b9816d399b62824accf4bcd59e1.dll
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Blacklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.
- Accesses cryptocurrency files/wallets, possible credential harvesting
- Modifies service
- Suspicious use of SetThreadContext