General
Target: scfrd.dll
Size: 912KB
Sample: 210126-y1r6t2qmr6
MD5: b0f3fa047f6ae39a145fd364f693638e
SHA1: 1951696d8aca4a31614bb68f9da392402785e14e
SHA256: 0bf22b8f9aaef21afe71fcbbea62325e7582dad410b0a537f38a9eb8e6855890
SHA512: 86e4516705380617a9f48b2e1cd7d9e676439398b802eb6047cd478d4b10bf8f4ba20e019f337b01761fa247cd631ccab22851f078089c2e1c61574bca9f5b98
Static task: static1
Behavioral task: behavioral1
Sample: scfrd.dll
Resource: win7v20201028
Behavioral task: behavioral2
Sample: scfrd.dll
Resource: win10v20201028
Malware Config
Extracted
zloader
kev
26/01
https://gadgetswolf.com/post.php
https://homesoapmolds.com/post.php
https://govemedico.tk/post.php
Targets
Target: scfrd.dll
- Blocklisted process makes network request
- Suspicious use of SetThreadContext