General

Target: ycof.exe
Size: 1.1MB
Sample: 211005-xde19sacb2
MD5: 54a3bcca6b1eb92adb299a46df941826
SHA1: 6988e010056d88985b8e8f8de06706327779d3ca
SHA256: c4ab81d7b7d44dd6dfc4f2b69dbe3f22fbf23c1ae49ab8edac2d26f85ae4514d
SHA512: 4e4f10abf8a97f649060cb3eaa125a487141a42b87d2dc1449d87531d927031279bd7b48a3859ffa8f5d4400deea77022ecb00c61de8511756dc9c0d27e3f150

Static task: static1
Malware Config

Extracted family: zloader
Other extracted config fields (as reported): 123, 123
C2 URLs (all share the /post.php path; the hosts look like compromised legitimate sites rather than attacker-registered domains, so block on the full URL or hostname rather than the registrable domain):
http://gipc.in/post.php
http://fbhindia.com/post.php
http://ecolenefiber.com/post.php
http://design.ecolenefiber.com/post.php
http://beta.marlics.ir/post.php
http://hari.pk/post.php
http://iaiskjmalang.ac.id/post.php
http://314xd.com/post.php
http://ejournal.iaiskjmalang.ac.id/post.php
http://duanvn.com/post.php
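As an added example (not part of the sandbox report and not any tool's own code), the following Python turns the extracted C2 list into usable IOCs and runs them over constructed proxy log lines; the log layout, the sample lines and the Suricata sid numbers are assumptions for illustration. It matches on full hostnames rather than registrable domains because the list mixes apex hosts and subdomains (ecolenefiber.com / design.ecolenefiber.com, iaiskjmalang.ac.id / ejournal.iaiskjmalang.ac.id) of what appear to be compromised legitimate sites, so a host-only hit is flagged for review rather than treated as confirmed C2, and a bare POST to /post.php on some other host is reported only as a weak generic match.

```python
"""Turn the extracted zloader C2 list into IOCs: exact-endpoint and host matching
over proxy log lines, plus Suricata rules for the reported endpoints.
Added example; the log format, sample lines and sid numbers are constructed."""
import re
from urllib.parse import urlparse

# C2 URLs exactly as reported in the extracted config on this page.
ZLOADER_C2 = [
    "http://gipc.in/post.php",
    "http://fbhindia.com/post.php",
    "http://ecolenefiber.com/post.php",
    "http://design.ecolenefiber.com/post.php",
    "http://beta.marlics.ir/post.php",
    "http://hari.pk/post.php",
    "http://iaiskjmalang.ac.id/post.php",
    "http://314xd.com/post.php",
    "http://ejournal.iaiskjmalang.ac.id/post.php",
    "http://duanvn.com/post.php",
]

# Assumed proxy log layout (constructed for this example):
#   <timestamp> <client-ip> <method> <url> <status>
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+(?P<status>\d{3})$"
)


def c2_endpoints(urls):
    """{(hostname, path)} from the config URLs; hostnames are lowercased."""
    endpoints = set()
    for u in urls:
        p = urlparse(u)
        if p.hostname:
            endpoints.add((p.hostname.lower(), p.path or "/"))
    return endpoints


C2_ENDPOINTS = c2_endpoints(ZLOADER_C2)
# Full hostnames only: the list mixes apex domains and subdomains of what look
# like compromised legitimate sites, so collapsing to a registrable domain
# (which would also need a public-suffix list for .ac.id) widens the match.
C2_HOSTS = {host for host, _ in C2_ENDPOINTS}


def classify(line):
    """Verdict for one proxy log line, or None when nothing matches."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    p = urlparse(m["url"])
    host = (p.hostname or "").lower()
    path = p.path or "/"
    if (host, path) in C2_ENDPOINTS:
        return "c2_endpoint"      # exact URL from the extracted config: high confidence
    if host in C2_HOSTS:
        return "c2_host"          # same host, other path: review, do not auto-block
    if m["method"] == "POST" and path == "/post.php":
        return "post_php_post"    # generic shape of the C2 path: weak on its own
    return None


def scan(lines):
    """[(line, verdict)] for every line that matched something."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict:
            hits.append((line, verdict))
    return hits


def suricata_rules(base_sid=1000001):
    """One Suricata rule per reported endpoint; sid numbers are placeholders."""
    rules = []
    for i, url in enumerate(ZLOADER_C2):
        p = urlparse(url)
        host, path = p.hostname.lower(), p.path
        rules.append(
            "alert http any any -> any any "
            f'(msg:"zloader C2 POST to {host}{path}"; flow:established,to_server; '
            'http.method; content:"POST"; '
            f'http.host; content:"{host}"; '
            f'http.uri; content:"{path}"; '
            f"sid:{base_sid + i}; rev:1;)"
        )
    return rules


# Constructed proxy log lines, not taken from the report.
SAMPLE_LOG = [
    "2021-10-05T12:00:01Z 10.0.0.12 POST http://gipc.in/post.php 200",
    "2021-10-05T12:00:02Z 10.0.0.12 GET http://design.ecolenefiber.com/index.html 200",
    "2021-10-05T12:00:03Z 10.0.0.14 POST http://example.org/post.php 200",
    "2021-10-05T12:00:04Z 10.0.0.15 GET http://www.example.com/ 200",
    "2021-10-05T12:00:05Z 10.0.0.12 POST http://EJOURNAL.iaiskjmalang.ac.id/post.php 200",
    "not a log line",
]

if __name__ == "__main__":
    for line, verdict in scan(SAMPLE_LOG):
        print(f"{verdict:14} {line}")
    print("\n".join(suricata_rules()))
```

Run it directly to see the four hits from the constructed log and the ten generated rules; in practice feed real proxy or DNS logs into scan() and replace the placeholder sids with values from your own range before loading the rules.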
Targets

Target: ycof.exe (same file, size and hashes as listed under General above)

Signatures:
- Suspicious use of NtCreateProcessExOtherParentProcess
  The process was created with a parent other than the real caller (parent PID spoofing), which defeats naive parent/child process-tree correlation.
- Blocklisted process makes network request
  A process the sandbox keeps on its blocklist of commonly abused system binaries made a network request.
- Modifies Installed Components in the registry
  Writes under the Active Setup "Installed Components" key, a persistence location whose StubPath runs once per user at logon.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
  Setting another thread's context is the usual final step of process hollowing or thread-hijacking code injection.