General
-
Target
start.EXE
-
Size
165KB
-
Sample
210726-tfdgxfnet6
-
MD5
95abe912bb579d445f4b2cc30c6e3750
-
SHA1
4f8ddf498f7dceb9a5d32de909ced0518f697ef0
-
SHA256
cbc445b9882192d8cb8c62c6a5231e6efedcb5d60b610fcb1147a943c2a83e21
-
SHA512
515e6c8b08fceb21153ec4df5a7a21d283da135d4aed0116420b6dec59ec1168cf6ef7a12fd593fb5f492de0f7e180d15405a57dd0484859c3c3d7a4db54115e
Malware Config
Extracted
zloader
vasja
vasja
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Targets
-
-
Target
start.EXE
-
Size
165KB
-
MD5
95abe912bb579d445f4b2cc30c6e3750
-
SHA1
4f8ddf498f7dceb9a5d32de909ced0518f697ef0
-
SHA256
cbc445b9882192d8cb8c62c6a5231e6efedcb5d60b610fcb1147a943c2a83e21
-
SHA512
515e6c8b08fceb21153ec4df5a7a21d283da135d4aed0116420b6dec59ec1168cf6ef7a12fd593fb5f492de0f7e180d15405a57dd0484859c3c3d7a4db54115e
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Adds Run key to start application
-