General
-
Target
4722359f79b6a7f7738b8444b8bf6f61f0ac171bd50243ffccdfbc0a1ebcddcd.zip
-
Size
107KB
-
Sample
210304-gpc4v2g34n
-
MD5
927713b741d66cbf5bd4a0fa9cef0877
-
SHA1
3377592b1962d1d94b6fd7a75ebee6b2526a791f
-
SHA256
df451db66ebd05e1b23cc6dd75651f29e13663ba54617a95fdfe18d58677e7ae
-
SHA512
1b5533153a172cc6ba12cdc5db782fcbaea9f49bc8383ee62f5702465c59228f0839f6603be820fa9ac514c92721dd49a678a0e853d639c63e577d3b527b2841
Malware Config
Extracted
zloader
banking
banking
https://iloveyoubaby1.pro/gate.php
https://idsakjfsanfaskj.com/gate.php
https://fslakdasjdnsasjsj.com/gate.php
https://dksadjsahnfaskmsa.com/gate.php
https://dskdsajdsahda.info/gate.php
https://dskdsajdsadasda.info/gate.php
https://dskjdsadhsahjsas.info/gate.php
https://dsjadjsadjsadjafsa.info/gate.php
https://fsakjdsafasifkajfaf.pro/gate.php
https://djsadhsadsadjashs.pro/gate.php
Targets
-
-
Target
4722359f79b6a7f7738b8444b8bf6f61f0ac171bd50243ffccdfbc0a1ebcddcd.dll
-
Size
176KB
-
MD5
096a438e0e5d01b9646c19d45c0c063f
-
SHA1
8c6cd17823e9aa7a266cbbb89a7a5dee99b9cbad
-
SHA256
4722359f79b6a7f7738b8444b8bf6f61f0ac171bd50243ffccdfbc0a1ebcddcd
-
SHA512
8fbfc073cb2e5285e4eb6a4b19822e77233af1c9f621374a2029e7e540ab430262164506227e82058df8c364d300d6d9c059416301de7a77e585756b98fb4be3
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-