General

Target: a770fcb1791d4a1c1037921403f936fb699b4e86df500abc41cb7fa1d762e302
Size: 263KB
Sample: 220201-ljfzzacbhl
MD5: a09afd2dd6a1c87b901903621200cbd1
SHA1: 81622fcfe94fb96acaa1898ca3230536d1e79f63
SHA256: a770fcb1791d4a1c1037921403f936fb699b4e86df500abc41cb7fa1d762e302
SHA512: ca657b4a3ec7e4ba17341a09cd31e63cdac28e7c9dc1dc71e422d98a54fc88dd876b214f63aafccfdef09cfea3047bb2715022b80b4a2be4be18be95662c1d4c
Static task: static1

Behavioral task: behavioral1
Sample: a770fcb1791d4a1c1037921403f936fb699b4e86df500abc41cb7fa1d762e302.dll
Resource: win7-en-20211208

Behavioral task: behavioral2
Sample: a770fcb1791d4a1c1037921403f936fb699b4e86df500abc41cb7fa1d762e302.dll
Resource: win10v2004-en-20220113
Malware Config

Extracted: zloader
Botnet: DLLobnova
Campaign: newupdate326
C2 (all check in to /gate.php; note that the same second-level labels recur under .com, .info and .pro, so block the labels, not just the nine exact hosts):
https://fdsjfjdsfjdsdsjajjs.com/gate.php
https://idisaudhasdhasdj.com/gate.php
https://dsjdjsjdsadhasdas.com/gate.php
https://dsdjfhdsufudhjas.com/gate.php
https://dsdjfhdsufudhjas.info/gate.php
https://fdsjfjdsfjdsdsjajjs.info/gate.php
https://idisaudhasdhasdj.info/gate.php
https://dsdjfhdsufudhjas.pro/gate.php
https://dsdjfhd9ddksaas.pro/gate.php
build_id: 5
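The following is an added hunting example built from the C2 list above; it is not part of the sandbox report. It turns the nine URLs into a host set and a set of second-level labels, scans a constructed DNS query log (the log format is my own), and emits placeholder Suricata `dns.query` rules. The "sibling-tld" verdict is an assumption of mine, not something the report states: because the config registers the same label under several TLDs, a lookup of a known label under a TLD the config does not list is worth a second look.

```python
"""Hunting list from the extracted Zloader C2 URLs, matched against DNS log lines.

Added example for this report; not the sandbox's code.  The log format and the
'sibling-tld' heuristic are assumptions, see the comments below.
"""
from urllib.parse import urlparse

# C2 URLs exactly as extracted in the report's malware config.
C2_URLS = [
    "https://fdsjfjdsfjdsdsjajjs.com/gate.php",
    "https://idisaudhasdhasdj.com/gate.php",
    "https://dsjdjsjdsadhasdas.com/gate.php",
    "https://dsdjfhdsufudhjas.com/gate.php",
    "https://dsdjfhdsufudhjas.info/gate.php",
    "https://fdsjfjdsfjdsdsjajjs.info/gate.php",
    "https://idisaudhasdhasdj.info/gate.php",
    "https://dsdjfhdsufudhjas.pro/gate.php",
    "https://dsdjfhd9ddksaas.pro/gate.php",
]

# Constructed DNS query log, one "<timestamp> <client> <queried name>" per line.
SAMPLE_LOG = """\
2022-02-01T12:00:01Z 10.0.0.5 fdsjfjdsfjdsdsjajjs.com
2022-02-01T12:00:02Z 10.0.0.5 www.microsoft.com
2022-02-01T12:00:03Z 10.0.0.7 idisaudhasdhasdj.pro
2022-02-01T12:00:04Z 10.0.0.9 cdn.dsdjfhdsufudhjas.info
2022-02-01T12:00:05Z 10.0.0.9 example.org
"""


def c2_hosts(urls):
    """Registered C2 hostnames from the config URLs (lower-cased, path dropped)."""
    return {urlparse(u).hostname.lower() for u in urls}


def c2_labels(hosts):
    """Second-level labels, e.g. 'dsdjfhdsufudhjas' for dsdjfhdsufudhjas.{com,info,pro}."""
    return {h.split(".")[-2] for h in hosts}


def classify(name, hosts, labels):
    """Return 'exact', 'subdomain', 'sibling-tld' or None for one queried name."""
    name = name.lower().rstrip(".")
    if name in hosts:
        return "exact"
    if any(name.endswith("." + h) for h in hosts):
        return "subdomain"
    parts = name.split(".")
    if len(parts) >= 2 and parts[-2] in labels:
        # Known label under a TLD the config does not list.  Assumption: the
        # actor re-registers the same labels, so this deserves a look.
        return "sibling-tld"
    return None


def scan_log(log_text, urls=C2_URLS):
    """Return one finding dict per log line whose queried name relates to a C2 host."""
    hosts = c2_hosts(urls)
    labels = c2_labels(hosts)
    findings = []
    for line in log_text.splitlines():
        ts, client, name = line.split()
        verdict = classify(name, hosts, labels)
        if verdict:
            findings.append({"ts": ts, "client": client, "host": name, "verdict": verdict})
    return findings


def suricata_dns_rules(hosts, sid_base):
    """One Suricata dns.query rule per C2 host; sid_base is a placeholder local SID range."""
    rules = []
    for i, host in enumerate(sorted(hosts)):
        rules.append(
            'alert dns any any -> any any (msg:"LOCAL Zloader C2 lookup %s"; '
            'dns.query; content:"%s"; nocase; sid:%d; rev:1;)' % (host, host, sid_base + i)
        )
    return rules


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
    print("\n".join(suricata_dns_rules(c2_hosts(C2_URLS), 9000000)))
```

Running it on the constructed log flags the exact C2 lookup, the `cdn.` subdomain of a listed host, and `idisaudhasdhasdj.pro`, which the config does not list but whose label it does; the Microsoft and example.org lookups are ignored.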
Targets

Target: a770fcb1791d4a1c1037921403f936fb699b4e86df500abc41cb7fa1d762e302
Size: 263KB
MD5: a09afd2dd6a1c87b901903621200cbd1
SHA1: 81622fcfe94fb96acaa1898ca3230536d1e79f63
SHA256: a770fcb1791d4a1c1037921403f936fb699b4e86df500abc41cb7fa1d762e302
SHA512: ca657b4a3ec7e4ba17341a09cd31e63cdac28e7c9dc1dc71e422d98a54fc88dd876b214f63aafccfdef09cfea3047bb2715022b80b4a2be4be18be95662c1d4c
- suricata: ET MALWARE Generic -POST To gate.php w/Extended ASCII Characters (Likely Zeus Derivative): the bot check-in is a POST to /gate.php whose body is an encrypted blob, so it contains bytes outside 7-bit ASCII. gate.php is the classic Zeus-family C2 endpoint and matches the extracted C2 URLs.
- suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz: a response carried the AnubisNetworks sinkhole cookie, i.e. at least one of the C2 domains now resolves to a sinkhole rather than to live infrastructure. The infection is still real; only that domain is dead.
- suricata: ET MALWARE Trojan Generic - POST To gate.php with no referer: the same check-in flagged a second time, because a browser-originated POST would carry a Referer header and this one does not.
- Blocklisted process makes network request: a process from the sandbox's list of commonly abused binaries, which should not normally originate traffic, made an outbound request.
- Sets service image path in registry: the sample writes an ImagePath value under a service key in HKLM\SYSTEM\CurrentControlSet\Services, i.e. it controls what a service executes.
- Adds Run key to start application: Run-key persistence, so the loader is started again at logon.
- Suspicious use of SetThreadContext: SetThreadContext on a thread in another process is the usual step of process hollowing or thread hijacking, i.e. the DLL injects its payload into a second process.
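As an added example that is not part of the report and does not reproduce the ET rule bodies, the script below checks the two properties the two gate.php rule names describe (no Referer header; body bytes outside 7-bit ASCII) on raw HTTP requests. All three requests it inspects are constructed: a bot check-in to one of the listed C2 hosts, an ordinary login form post, and a POST to a path that happens to end in gate.php but has a Referer and a plain-text body.

```python
"""Approximation of the two ET 'POST to gate.php' signatures over raw HTTP requests.

Added example for this report, not the ET rule bodies and not the sandbox's code.
All requests below are constructed.
"""


def build_request(method, path, headers, body=b""):
    """Serialise an HTTP/1.1 request; Content-Length is filled in from the body."""
    lines = ["%s %s HTTP/1.1" % (method, path)]
    lines += ["%s: %s" % (k, v) for k, v in headers.items()]
    lines.append("Content-Length: %d" % len(body))
    return ("\r\n".join(lines) + "\r\n\r\n").encode("latin-1") + body


def parse_request(raw):
    """Split a raw request into (method, path, lower-cased header dict, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body


def gate_php_findings(raw):
    """Findings for one request; empty unless it is a POST whose path ends in gate.php."""
    method, path, headers, body = parse_request(raw)
    findings = []
    if method != "POST" or not path.split("?", 1)[0].lower().endswith("/gate.php"):
        return findings
    if "referer" not in headers:
        findings.append("POST to gate.php with no referer")
    high = sum(1 for b in body if b >= 0x80)   # bytes outside 7-bit ASCII
    if high:
        findings.append("POST to gate.php w/ extended ASCII body (%d of %d bytes)" % (high, len(body)))
    return findings


def triage(requests):
    """Map request index -> findings, skipping requests with none."""
    out = {}
    for i, raw in enumerate(requests):
        findings = gate_php_findings(raw)
        if findings:
            out[i] = findings
    return out


# Constructed traffic.  The bot check-in carries an encrypted-looking blob and no
# Referer; the other two are what benign application traffic looks like.
C2_BODY = bytes([0x1F, 0x8B, 0xC3, 0xA9, 0x00, 0xFF, 0x7E, 0x41]) * 4
BOT_CHECKIN = build_request("POST", "/gate.php",
                            {"Host": "fdsjfjdsfjdsdsjajjs.com",
                             "User-Agent": "Mozilla/5.0",
                             "Content-Type": "application/octet-stream"}, C2_BODY)
BENIGN_FORM = build_request("POST", "/login.php",
                            {"Host": "intranet.example",
                             "Referer": "https://intranet.example/"},
                            b"user=alice&pass=secret")
GATE_WITH_REFERER = build_request("POST", "/app/gate.php",
                                  {"Host": "intranet.example",
                                   "Referer": "https://intranet.example/"},
                                  b"token=abc123")


if __name__ == "__main__":
    for index, findings in triage([BOT_CHECKIN, BENIGN_FORM, GATE_WITH_REFERER]).items():
        print(index, findings)
```

Only the check-in produces findings, and it produces both, which is why the report shows two gate.php rules firing on one sample: they describe two properties of the same request. A plain-text POST to a gate.php path with a Referer produces none, so on a real sensor the extended-ASCII rule is the one that separates a bot from an application that merely reuses the filename.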