General

Target: SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.7862
Size: 473KB
Sample: 201109-1y3dbnf14j
MD5: 4b0043e0ab37e575490d305d98e20343
SHA1: 3ef6b54d868083188566ce50ed36e2938f11c007
SHA256: 54fba19e9bdd0cdc7f3900f716e90dfa0f96c282c768747d667d2b227ccbe484
SHA512: 3bc2c24e835f1b3acd81e27a0ac847c956204ea4af33c77799e19ccd3cc682ae7538123ff9445f754d1d3ad2ace7840ddb6940b76bbfa3c4abc0cd2517504264
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.7862.dll
Resource: win7v20201028

Malware Config (extracted)

Family: zloader
Botnet: bot5
Campaign: bot5
C2: https://militanttra.at/owg.php
Targets

Target: SecuriteInfo.com.Gen.NN.ZedlaF.34128.Dy8@ayCr2pgi.7862
Size: 473KB
MD5, SHA1, SHA256, SHA512: identical to the values listed under General above.

Signatures

- Adds Run key to start application
- Suspicious use of SetThreadContext