General
-
Target
gbs.dll
-
Size
490KB
-
Sample
201109-nbn7eh53ha
-
MD5
bede6db9d5f81e96c963798aa4effd8e
-
SHA1
d98f97ad168f686b54a7631a2c6f87690e3bafa3
-
SHA256
77df6d4908673af83901b67e730abd9a871ee86f7cda058ae25221056cec771e
-
SHA512
3b4d89bd72b9d0e88171342e8896555720726f11dd83f60b850e811fa7b9f0e86e7b114bfa4d376e3053cea50d323b94cf1a8c6a6f83c60dc5234967ce6b6564
Malware Config
Extracted
zloader
bot5
bot5
https://militanttra.at/owg.php
Targets
-
-
Target
gbs.dll
-
Size
490KB
-
MD5
bede6db9d5f81e96c963798aa4effd8e
-
SHA1
d98f97ad168f686b54a7631a2c6f87690e3bafa3
-
SHA256
77df6d4908673af83901b67e730abd9a871ee86f7cda058ae25221056cec771e
-
SHA512
3b4d89bd72b9d0e88171342e8896555720726f11dd83f60b850e811fa7b9f0e86e7b114bfa4d376e3053cea50d323b94cf1a8c6a6f83c60dc5234967ce6b6564
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-