General
-
Target
0d6aad4b3fe886c7d24286d333094bed9eb2c6d5ee3f7afb7fabbd1538f440e2
-
Size
243KB
-
Sample
220201-m117xadfh6
-
MD5
7b5549a7d9e638eb713dce14c2ad357b
-
SHA1
171c328013f121ea18c68436c5450b89c50e8794
-
SHA256
0d6aad4b3fe886c7d24286d333094bed9eb2c6d5ee3f7afb7fabbd1538f440e2
-
SHA512
b62f454bc52de5975b9327889cf52f2a7103936bd3437156ab85e31119ed42b8ea19bc78cefa07ded3a6b9c87407c6bf43bff25275b25bb5073bb07b079a0616
Malware Config
Extracted
zloader
DLLobnova
newupdate326
https://fdsjfjdsfjdsdsjajjs.com/gate.php
https://idisaudhasdhasdj.com/gate.php
https://dsjdjsjdsadhasdas.com/gate.php
https://dsdjfhdsufudhjas.com/gate.php
https://dsdjfhdsufudhjas.info/gate.php
https://fdsjfjdsfjdsdsjajjs.info/gate.php
https://idisaudhasdhasdj.info/gate.php
https://dsdjfhdsufudhjas.pro/gate.php
https://dsdjfhd9ddksaas.pro/gate.php
-
build_id
5
Targets
-
-
Target
0d6aad4b3fe886c7d24286d333094bed9eb2c6d5ee3f7afb7fabbd1538f440e2
-
Size
243KB
-
MD5
7b5549a7d9e638eb713dce14c2ad357b
-
SHA1
171c328013f121ea18c68436c5450b89c50e8794
-
SHA256
0d6aad4b3fe886c7d24286d333094bed9eb2c6d5ee3f7afb7fabbd1538f440e2
-
SHA512
b62f454bc52de5975b9327889cf52f2a7103936bd3437156ab85e31119ed42b8ea19bc78cefa07ded3a6b9c87407c6bf43bff25275b25bb5073bb07b079a0616
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-