General
-
Target
8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2.zip
-
Size
245KB
-
Sample
210302-ahw9d2668e
-
MD5
a523b48d1b183b112d80bd746aa0e19e
-
SHA1
cf4bd491b403897d3279249e33877c7dcf5b2da4
-
SHA256
9784ec7c983a246dc3f25270cc2ddfe7bdbaf7dd4c1b13dba20a0019266beed6
-
SHA512
bd01508eff5f66b17d97c0ba589d49db5870640f01ca06d739c3253e3c365ec8df5d5ec989c731ef520b9136689c486afbb262f42add204a58b42e069e1d9ab1
Static task
static1
Behavioral task
behavioral1
Sample
8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2.dll
Resource
win7v20201028
Malware Config
Extracted
zloader
kev
08/02
https://earfetti.com/post.php
https://evalynews.com/post.php
https://zeistatwalk.tk/post.php
https://spiraninendreamneu.tk/post.php
Targets
-
-
Target
8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2.dll
-
Size
362KB
-
MD5
d2852a3b2a20846528cec53426fd5f9c
-
SHA1
1fa892f9280708e7c82e958bec516bb2b09351f3
-
SHA256
8e50da51386c2f267afaf1a419e4467d62c01c9704f0e17c4aa188d0c090c8b2
-
SHA512
247fae9f2c9bdca9d7eb4f44996e7e28d2cd9b7c87ea05a15b72ecb073750c8d9199d585771366687c43d802eb474e9486bb328d2984abeb4aacee62916ca2b6
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-