General
Target: zizi.rar
Size: 717KB
Sample: 211004-1xf98ahae7
MD5: d58e0fd8841767273f735ff5f6058335
SHA1: 3874270a7e4b14abdff93696283010a18be18db8
SHA256: c3a74bd00279c7a9eb6827badb8360e23fd9f290740edfc4cc24848b617f0203
SHA512: bdebe017bd9964003f4691370c88d0e1b72e67d8776008723fd5391dabb78c25959b710865e5d803c3157f11305a60f0e0e85c34c05c3927eda62c1ee1250103
Static task: static1
Malware Config
Extracted: zloader
123
123
Targets
Target: phiasko.bat
Size: 58B
MD5: be4bfd95cabbf2a7b68530e629645282
SHA1: e394c4eea18ee4016c1b43111760fe041f0ab14f
SHA256: ab443b30acfb9fe983f631a79d4c6fc481208b98cef934cfc91e6f83bba1c52d
SHA512: c6e7316671e5cd053adca5cd779a90149ed375321e2cab7d63657f308c41a8cbda42c8009da08cea519da72df34400813d5c1a0bd3f923510b632adc09793dcc
- Registers COM server for autorun
- Suspicious use of NtCreateProcessExOtherParentProcess
- Blocklisted process makes network request
- Modifies Installed Components in the registry
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext