General
-
Target
SecuriteInfo.com.Win32.DHFF85024D_Mw.32342.29252
-
Size
615KB
-
Sample
201109-arlthggnxs
-
MD5
6194d6d5c247b9cb44fce201d8d9d7f4
-
SHA1
52318e5ee0869113ef1b0613ece433950a738518
-
SHA256
f45334733550d1ed6347c469380e55bb731def5c0c535bc81ced5a02f2cbd8ea
-
SHA512
c1e765f32bdaf14a1315fc2e9f0372f1ef3da15d3212d3fb15972500e2b6f26783a98456fc846babc5853c14c545b73ab328d786887fc3db94ac01f63c6ac564
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win32.DHFF85024D_Mw.32342.29252.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win32.DHFF85024D_Mw.32342.29252.dll
Resource
win10v20201028
Malware Config
Extracted
zloader
spx138
spx138
Targets
Blacklisted process makes network request
-
Suspicious use of SetThreadContext
-