General
-
Target
42a3e6ae86fe540cfc106f4edc55eccc.exe
-
Size
165KB
-
Sample
210812-adetp8j6nj
-
MD5
42a3e6ae86fe540cfc106f4edc55eccc
-
SHA1
5a43baf8b4e0150ad0228a13da2000311f36f823
-
SHA256
7ba99f8f77a2e660f1837cad9d169ccf892154da5b2651e4e6e66efddd61944c
-
SHA512
25d05657f8f927c438ff5240f9f29e8c695e13e8664e822f729c01055026b2ef66ccbebadc0931d5ba488ff369c6dbd1c09055b99ea0f374a37ff6c3bca665c4
Malware Config
Extracted
zloader
vasja
vasja
https://iqowijsdakm.com/gate.php
https://wiewjdmkfjn.com/gate.php
https://dksaoidiakjd.com/gate.php
https://iweuiqjdakjd.com/gate.php
https://yuidskadjna.com/gate.php
https://olksmadnbdj.com/gate.php
https://odsakmdfnbs.com/gate.php
https://odsakjmdnhsaj.com/gate.php
https://odjdnhsaj.com/gate.php
https://odoishsaj.com/gate.php
Targets
-
-
Target
42a3e6ae86fe540cfc106f4edc55eccc.exe
-
Size
165KB
-
MD5
42a3e6ae86fe540cfc106f4edc55eccc
-
SHA1
5a43baf8b4e0150ad0228a13da2000311f36f823
-
SHA256
7ba99f8f77a2e660f1837cad9d169ccf892154da5b2651e4e6e66efddd61944c
-
SHA512
25d05657f8f927c438ff5240f9f29e8c695e13e8664e822f729c01055026b2ef66ccbebadc0931d5ba488ff369c6dbd1c09055b99ea0f374a37ff6c3bca665c4
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Modifies Windows Firewall
-
Loads dropped DLL
-
Adds Run key to start application
-