General
Target: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
Size: 489KB
Sample: 220201-g4ekesaabl
MD5: 773ddf5b1f3c6aed86f5a6d5e47d6cf0
SHA1: 6b78117fdebf7ecd999bed5c80c1eedad38d7307
SHA256: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
SHA512: b93ffe3295f70b0e6983e2464809586bae36f46057728a1118f0e55ab5aa41e8e8bf598d32075ea6250136332fe3fce2ec62a183d1a549b811bfac44177d1d08
Behavioral task: behavioral1
Sample: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e.dll
Resource: win10v2004-en-20220113
Malware Config
Extracted: zloader
NNN
NNN
http://marchadvertisingnetwork4.com/post.php
http://march262020.best/post.php
http://march262020.club/post.php
http://march262020.com/post.php
http://march262020.live/post.php
http://march262020.network/post.php
http://march262020.online/post.php
http://march262020.site/post.php
http://march262020.store/post.php
http://march262020.tech/post.php
build_id: 79
Targets
Target: 5a9ce6e613360c55e18d082a1279a83bf7a36e1825e4553f8a2672775e8e7b7e
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
Blocklisted process makes network request
Adds Run key to start application
Suspicious use of SetThreadContext