General
Target: dws.dll
Size: 664KB
Sample: 201109-b6wl3kgmsa
MD5: b5009fa4759ad978c438232d613c8ba0
SHA1: e8980445b432b6bd8d73c6cc5c1353966b37d114
SHA256: 0eb287052bad63c28c2ddb52722b87a40331cb41806e494cd4d83c8b409c6178
SHA512: 67c1dda03ce6a495a30749843e207e067ee5a372714944f346f78df61cc04ef7f95fe2cfb0077653c695112dac7eccd54b6c93da447cbffb07577333afb384f3
Static task: static1
Behavioral task: behavioral1 (Sample: dws.dll, Resource: win7v20201028)
Behavioral task: behavioral2 (Sample: dws.dll, Resource: win10v20201028)
Malware Config
Extracted
zloader
bot5
bot5
https://militanttra.at/owg.php
Targets
Target: dws.dll
Adds Run key to start application
Suspicious use of SetThreadContext