General
-
Target
adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
-
Size
275KB
-
Sample
220201-lgjyvacge5
-
MD5
285be226c4da6aa4a366aa7bdbafb23b
-
SHA1
a6c3594107c9fe781690ca7c9158d27c41d9ed53
-
SHA256
adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
-
SHA512
9649fd35341413f525cb46175b682a40a081e56734672ce2f8fc76c845ad10a112ad5939cf3712b95cdf1addc3775eecdcd3c35e4854f41585f56613859b7545
Malware Config
Extracted
zloader
banking
banking
https://iloveyoubaby1.pro/gate.php
https://idsakjfsanfaskj.com/gate.php
https://fslakdasjdnsasjsj.com/gate.php
https://dksadjsahnfaskmsa.com/gate.php
https://dskdsajdsahda.info/gate.php
https://dskdsajdsadasda.info/gate.php
https://dskjdsadhsahjsas.info/gate.php
https://dsjadjsadjsadjafsa.info/gate.php
https://fsakjdsafasifkajfaf.pro/gate.php
https://djsadhsadsadjashs.pro/gate.php
-
build_id
6
Targets
-
-
Target
adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
-
Size
275KB
-
MD5
285be226c4da6aa4a366aa7bdbafb23b
-
SHA1
a6c3594107c9fe781690ca7c9158d27c41d9ed53
-
SHA256
adce8f29cb6cbbc44f5566031370753da43ea431ad3aeb11a6fc2186d571c957
-
SHA512
9649fd35341413f525cb46175b682a40a081e56734672ce2f8fc76c845ad10a112ad5939cf3712b95cdf1addc3775eecdcd3c35e4854f41585f56613859b7545
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-