General
-
Target
start.EXE
-
Size
165KB
-
Sample
210801-62aax1mmaj
-
MD5
4a53c91d743e8f9b6551893011d04966
-
SHA1
04e949d7d92e86c07a1e0bc72ae39cf2f950f0d6
-
SHA256
243b5b84bb63e98fb3d54e4e1d8592c367540a79f677a464f2c2ea5491f4c90f
-
SHA512
5614a48c1007193c8b6425e7856d68aa60d8c7e2fc5a7875cb6ce92500e176b21584399eb38f1b34dda82e3880cbac1fca1882d09d8265df4107383e21c54d52
Malware Config
Extracted
zloader
ivan
ivan
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Targets
-
-
Target
start.EXE
-
Size
165KB
-
MD5
4a53c91d743e8f9b6551893011d04966
-
SHA1
04e949d7d92e86c07a1e0bc72ae39cf2f950f0d6
-
SHA256
243b5b84bb63e98fb3d54e4e1d8592c367540a79f677a464f2c2ea5491f4c90f
-
SHA512
5614a48c1007193c8b6425e7856d68aa60d8c7e2fc5a7875cb6ce92500e176b21584399eb38f1b34dda82e3880cbac1fca1882d09d8265df4107383e21c54d52
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-