General
-
Target
ccb8e17d3df37549a3dbdb31f3b5e03b8fbb3ddf9462cf962518c8e0312cdb56
-
Size
246KB
-
Sample
220201-k68g3aceh8
-
MD5
d871aee05301c265725e006800294894
-
SHA1
3b6d944433e24d2eb9606f8d4bfc882ba505c4d6
-
SHA256
ccb8e17d3df37549a3dbdb31f3b5e03b8fbb3ddf9462cf962518c8e0312cdb56
-
SHA512
83508d1a3e08a584e0fa4b7b7f3dc87ee4bce48eea83e6d009baf92041bd3ce8eb6ee6132f768fcd54168c1c7b845e1ef62e537471a2f3a323b79c3e0858ecc5
Malware Config
Extracted
zloader
banking
banking
https://iloveyoubaby1.pro/gate.php
https://idsakjfsanfaskj.com/gate.php
https://fslakdasjdnsasjsj.com/gate.php
https://dksadjsahnfaskmsa.com/gate.php
https://dskdsajdsahda.info/gate.php
https://dskdsajdsadasda.info/gate.php
https://dskjdsadhsahjsas.info/gate.php
https://dsjadjsadjsadjafsa.info/gate.php
https://fsakjdsafasifkajfaf.pro/gate.php
https://djsadhsadsadjashs.pro/gate.php
-
build_id
9
Targets
-
-
Target
ccb8e17d3df37549a3dbdb31f3b5e03b8fbb3ddf9462cf962518c8e0312cdb56
-
Size
246KB
-
MD5
d871aee05301c265725e006800294894
-
SHA1
3b6d944433e24d2eb9606f8d4bfc882ba505c4d6
-
SHA256
ccb8e17d3df37549a3dbdb31f3b5e03b8fbb3ddf9462cf962518c8e0312cdb56
-
SHA512
83508d1a3e08a584e0fa4b7b7f3dc87ee4bce48eea83e6d009baf92041bd3ce8eb6ee6132f768fcd54168c1c7b845e1ef62e537471a2f3a323b79c3e0858ecc5
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-