General
-
Target
SecuriteInfo.com.Win32.Kryptik.HDZG.5446
-
Size
473KB
-
Sample
201109-1t1t8rpf62
-
MD5
e76dad3a8fe7000af5dd7d61439a9b56
-
SHA1
5917db865e2e0ffadc6572da0c60b3e31860269b
-
SHA256
0eb381723057cbec531c209a0b5dca273d5c05ca5832b4d7baa2447d32e861cf
-
SHA512
6f648fffbb46c32543555e98419af86de28ea6c2b61fe59a71413d95c7f3eb2fbea01a87883eee37290787569c9e07af84144b82969ad59d27313ef5d7e38168
Malware Config
Extracted
zloader
bot5
bot5
https://militanttra.at/owg.php
Targets
-
-
Target
SecuriteInfo.com.Win32.Kryptik.HDZG.5446
-
Size
473KB
-
MD5
e76dad3a8fe7000af5dd7d61439a9b56
-
SHA1
5917db865e2e0ffadc6572da0c60b3e31860269b
-
SHA256
0eb381723057cbec531c209a0b5dca273d5c05ca5832b4d7baa2447d32e861cf
-
SHA512
6f648fffbb46c32543555e98419af86de28ea6c2b61fe59a71413d95c7f3eb2fbea01a87883eee37290787569c9e07af84144b82969ad59d27313ef5d7e38168
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-