General
-
Target
temp.bin
-
Size
380KB
-
Sample
201218-6meazzw55e
-
MD5
e0af3054669d6232870b87e1e239a689
-
SHA1
f0aa6e50471e70d07a1b70207f38538cb31ed569
-
SHA256
f8503947e0e984865a29d1e3f8a62ce7034069f49c2a2dd902af68274f192224
-
SHA512
1574e2aca2415a90677053da5f625d4a9e3bb2e85362cc7acc7b6430a35eb889883da1fda694d79ee38349fee01b5843d0717d864e2d801302755188308d513f
Static task
static1
Behavioral task
behavioral1
Sample
temp.bin.dll
Resource
win7v20201028
Malware Config
Extracted
zloader
kev
11/12
Targets
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-