General
Target: k.php
Size: 554KB
Sample: 210125-kgb3swyhq2
MD5: 48f3bf2aad96b4893e873cf82d170f54
SHA1: ef34b6817e4142000cf512ed063fbc2beadf5be8
SHA256: c5a07a557082018c4b3526b12e681182d7e489ce22e90c2b4f68feae5f93d4d0
SHA512: 1f7cf4b33257490cab2510644bb27adfec039df43c51ab9f860ebeaddc1f523d15169deb1dda32d0ce02fe19ac842c9dceabe8833df7f0a98748d18e508ccb81
Static task: static1
Behavioral task: behavioral1
Sample: k.php.dll
Resource: win7v20201028
Malware Config
Extracted
zloader
kev
25/01
Targets
Blocklisted process makes network request
Suspicious use of SetThreadContext