General
-
Target
wwf[1].bin
-
Size
2.3MB
-
Sample
201109-etppewrhv2
-
MD5
f18334d87221ecb0fb12405814c21912
-
SHA1
2875140558c0c17a259ff2d731e5e4a0a823108a
-
SHA256
0263c76856472535f8441f582dac011dbf52f965086f9e59a6930c00b2106073
-
SHA512
fa96425f2402803b7c34ea27211c33257224f65966cb42c651fa688bc131bbae6dbf7fc743eb055398fc2e4a0841a17ff31097346c4666ba39607e974c22ae2d
Malware Config
Extracted
zloader
bot7
bot7
https://militanttra.at/owg.php
Targets
-
-
Target
wwf[1].bin
-
Size
2.3MB
-
MD5
f18334d87221ecb0fb12405814c21912
-
SHA1
2875140558c0c17a259ff2d731e5e4a0a823108a
-
SHA256
0263c76856472535f8441f582dac011dbf52f965086f9e59a6930c00b2106073
-
SHA512
fa96425f2402803b7c34ea27211c33257224f65966cb42c651fa688bc131bbae6dbf7fc743eb055398fc2e4a0841a17ff31097346c4666ba39607e974c22ae2d
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-