General

Target: temp.dll
Size: 475KB
Sample: 210107-f6we4dkpgx
MD5: 8f1c25c81a61dc6d7e0ed8066436add5
SHA1: 8010bf81c3acb3d45f2f51dd153aad16fd5f2e34
SHA256: 9b281a8220a6098fefe1abd6de4fc126fddfa4f08ed1b90d15c9e0514d77e166
SHA512: 8b983cd1661ce6701ef9ac015d7d34d7011b87b01227ba0e763fdc00879a30edffe98fa7937831baacabfd5c1ec534a4556151bb13a2f0cacba3426754bd9449

Static task: static1
Behavioral task: behavioral1
Sample: temp.dll
Resource: win7v20201028
Malware Config

Extracted
Family: zloader
Botnet: Jho
Campaign: 25/03
C2:
https://wgyvjbse.pw/milagrecf.php
https://botiq.xyz/milagrecf.php
Targets

Target: temp.dll
Size: 475KB
MD5, SHA1, SHA256, SHA512: identical to the hashes listed under General above
Signatures

- Adds Run key to start application (persistence: a value written under a Run key so the DLL is launched again at logon)
- Suspicious use of SetThreadContext (rewriting another thread's context, a step commonly seen in process hollowing and other code-injection techniques)
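The indicators above are only useful once they are turned into something that can be matched against your own telemetry. The following is an added example, not part of the sandbox report and not code from the Triage project: it takes the report's four hashes and the two C2 URLs from the extracted zloader config, hashes a file the same way the report does, defangs the URLs for sharing, matches the C2 hosts against proxy log lines, and flags registry writes under a Run key (the behaviour the "Adds Run key to start application" signature describes). The proxy log lines and registry events are constructed for the example; the hashes and URLs are copied from the report.

```python
"""Added example (not part of the sandbox report): turn the report's
indicators into a small offline matcher.  Hash values and C2 URLs are copied
from the report; the proxy log lines and registry events are constructed."""
import hashlib
import re
from urllib.parse import urlparse

# Hashes of temp.dll as listed in the report.
REPORT_HASHES = {
    "md5": "8f1c25c81a61dc6d7e0ed8066436add5",
    "sha1": "8010bf81c3acb3d45f2f51dd153aad16fd5f2e34",
    "sha256": "9b281a8220a6098fefe1abd6de4fc126fddfa4f08ed1b90d15c9e0514d77e166",
    "sha512": "8b983cd1661ce6701ef9ac015d7d34d7011b87b01227ba0e763fdc00879a30ed"
              "ffe98fa7937831baacabfd5c1ec534a4556151bb13a2f0cacba3426754bd9449",
}

# C2 URLs from the extracted zloader config.
C2_URLS = [
    "https://wgyvjbse.pw/milagrecf.php",
    "https://botiq.xyz/milagrecf.php",
]


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for a file's bytes."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matching_algorithms(digests: dict) -> list:
    """Names of the digests that equal the report's values (empty if none)."""
    return [a for a, v in digests.items() if REPORT_HASHES.get(a) == v.lower()]


def c2_hosts(urls=C2_URLS) -> set:
    """Hostnames of the C2 URLs, lower-cased for matching."""
    return {urlparse(u).hostname.lower() for u in urls}


def defang(url: str) -> str:
    """hxxps://host[.]tld/... form; only the dots in the host are bracketed."""
    host = urlparse(url).hostname
    return url.replace("http", "hxxp", 1).replace(host, host.replace(".", "[.]"), 1)


# Matches a dotted hostname (with optional :port) anywhere in a log line.
HOST_RE = re.compile(r"\b([a-z0-9.-]+\.[a-z]{2,})(?::\d+)?\b", re.I)


def proxy_hits(lines, hosts=None) -> list:
    """(line number, host) for every log line that names a C2 host."""
    hosts = hosts or c2_hosts()
    hits = []
    for n, line in enumerate(lines, 1):
        for m in HOST_RE.finditer(line):
            if m.group(1).lower() in hosts:
                hits.append((n, m.group(1).lower()))
                break
    return hits


# Constructed proxy log lines (not from the report).
SAMPLE_PROXY_LINES = [
    "2021-01-07 08:11:02 10.0.0.5 CONNECT login.microsoftonline.com:443 200",
    "2021-01-07 08:11:09 10.0.0.5 CONNECT wgyvjbse.pw:443 200",
    "2021-01-07 08:11:10 10.0.0.5 GET http://update.example.net/x.cab 200",
    "2021-01-07 08:11:31 10.0.0.5 CONNECT botiq.xyz:443 200",
]

# Run / RunOnce keys under HKCU or HKLM, as used for logon persistence.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)


def run_key_writes(events) -> list:
    """Registry value writes under a Run key: the persistence the
    'Adds Run key to start application' signature describes."""
    return [e for e in events
            if e.get("op") == "SetValue" and RUN_KEY_RE.search(e.get("key", ""))]


# Constructed registry events (not from the report).
SAMPLE_EVENTS = [
    {"process": "rundll32.exe", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\temp"},
    {"process": "explorer.exe", "op": "QueryValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"process": "rundll32.exe", "op": "SetValue",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Startup"},
]


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            digests = hash_bytes(f.read())
        print(path, "matches report on:", matching_algorithms(digests) or "nothing")
    for url in C2_URLS:
        print(defang(url))
```

Run it with a file path to compare that file's digests with the report's; hash matching is only useful for this exact build of temp.dll, so the C2 host match is the indicator that survives repacking. The SetThreadContext signature comes from the sandbox's API hooks and has no counterpart in proxy or registry logs; on a production host it corresponds to EDR thread-context or process-hollowing telemetry rather than anything this script can see.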