General
-
Target
zte.bin
-
Size
473KB
-
Sample
201109-e77c1m2x4x
-
MD5
0ba3f22406dc38665964ce5ee30f6909
-
SHA1
ff17558c5b8a5bcd47797e1f79dc39a59c6ed29b
-
SHA256
aa50192a745ed41728a8f5f4519466c072656ccbbe4a789ef2150ecb2e407789
-
SHA512
c0aca848c0f4992fda269319ffc7dd63db65025d7ef493507bc235ab2a5d135c798d6e7fb362845c191a78f6037d43716458b09f8bacd8693a756c79cee5fad3
Malware Config
Extracted
zloader
bot5
bot5
https://militanttra.at/owg.php
Targets
-
-
Target
zte.bin
-
Size
473KB
-
MD5
0ba3f22406dc38665964ce5ee30f6909
-
SHA1
ff17558c5b8a5bcd47797e1f79dc39a59c6ed29b
-
SHA256
aa50192a745ed41728a8f5f4519466c072656ccbbe4a789ef2150ecb2e407789
-
SHA512
c0aca848c0f4992fda269319ffc7dd63db65025d7ef493507bc235ab2a5d135c798d6e7fb362845c191a78f6037d43716458b09f8bacd8693a756c79cee5fad3
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-