General

Target: 2020-08-27-Zloader.zip
Size: 315KB
Sample: 201223-rwla5lxa2n
MD5: 96ccb37d149063f85e97c7f018dba897
SHA1: 3529d020e9c3539f5bd791be3b07e8b5a0e1f371
SHA256: aabeeea5f503e44db8a0bc6b460f8283325b7c7d2fec030157ed7629d5db335d
SHA512: fcb45d2ff9c94a0c8e348b11e92895e47e08ecb4caccb120265d5995e2d9d44c773277d7f5ccbbb71c8c8ff7fc2fe3ba8dec3230eeee5216190243d3eee6db03

Static task: static1

Behavioral task: behavioral1
Sample: gofoybuq.exe
Resource: win7v20201028

Behavioral task: behavioral2
Sample: gofoybuq.exe
Resource: win10v20201028

Malware Config
Extracted
zloader
SG
SG
http://as9897234135.xyz/LKhwojehDgwegSDG/gateJKjdsh.php
http://as9897234135.org/LKhwojehDgwegSDG/gateJKjdsh.php
http://as9897234135.net/LKhwojehDgwegSDG/gateJKjdsh.php
http://as9897234135.in/LKhwojehDgwegSDG/gateJKjdsh.php
http://as9897234135.com/LKhwojehDgwegSDG/gateJKjdsh.php

Targets

Target: gofoybuq.exe
Size: 495KB
MD5: 23f46600a01ee95f55e6ff51b5e1d5cb
SHA1: e078d10aa17c7f17b4d1ac26dfcafcc881af4098
SHA256: 03f38a24c51546f0945dcf5a6a7383fe5568918d37e461d062e195604d85660f
SHA512: 358f205da2b67b885596fc0fa8919d5a5782c4d656fef2be92e2a0e85a1cd2f79c69d1ad71dbb54acff84dee316faddf3efaffc017b4feb39d049f498c50bcce

Suspicious use of NtCreateUserProcessOtherParentProcess
Suspicious use of SetThreadContext