General
Target: dws.dll
Size: 664KB
Sample: 201109-wn8e68sfnj
MD5: 3adaa567c12f5d074d6412e5a9d58df0
SHA1: ee172da3e91ac9fdfb1b3c5bb75459abb84e61cf
SHA256: 73abd3856eaa081063998925894e6a335b1ef4a79434eddd312ef15cccf2360e
SHA512: 09676d10f4b516c26cdca322abbff61a7574ec717315583ac264408f81470b0b2240f70922358856eb29b0e1b2c65b3ff1163fdd89e5231ecd652d3415d6a282
Static task: static1
Behavioral task: behavioral1
Sample: dws.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: dws.dll
Resource: win10v20201028
Malware Config
Extracted
zloader
bot5
bot5
https://militanttra.at/owg.php
Targets
Target: dws.dll
Adds Run key to start application
Suspicious use of SetThreadContext