General
Target
da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3
Size
788KB
Sample
220201-d533magfe2
MD5
25c4f6ec3f18c71bf9639746b8fe9567
SHA1
9ff48900feed1f2433b3ef1610a5fc2b438152de
SHA256
da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3
SHA512
35120b078971e74f473d19fc5f65bd4fe925ff05a00dac080b6a98ceeb1409ce6e2b6757d282559f21fe24e9ee8c95e90a5289e30602ab88203cd0432827637e
Static task
static1
Behavioral task
behavioral1
Sample
da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
da164dc8c1baf31539335b6a14ca2f14cc0f8a4a39523479290437d0810b82e3.dll
Resource
win10v2004-en-20220112
Malware Config
Extracted
zloader
main
27.03.2020
build_id
29
Targets
Score
10/10
Sets service image path in registry
Adds Run key to start application
Suspicious use of SetThreadContext