General
-
Target
0b61ae1202d964bea67cea9d663c8530b11c1268bcea9439b949e669b3b3be7c
-
Size
251KB
-
Sample
220201-m2qgssdcfj
-
MD5
3e68a003922b9c94a660a2e696869d17
-
SHA1
a1ed31293acf35e8b9854393b9329b9874fda09c
-
SHA256
0b61ae1202d964bea67cea9d663c8530b11c1268bcea9439b949e669b3b3be7c
-
SHA512
d686028dad79b9514a7547ffaa2f8b7cc6cd8aeba413721b2ab0571997d59eaf01e4397657c228ac6152bd8be567cf929692b7e5f7d4bdfd0960e01c28e63b20
Malware Config
Extracted
zloader
DLLobnova
alisa
https://dsdjfhdsufudhjas.pro/gate.php
https://dsdjfhd9ddksaas.pro/gate.php
https://dsdjfhdsufudhjas.name/gate.php
https://dsdjfhd9ddksaas.com/gate.php
https://dsdjfhdsufudhjas.pw/gate.php
https://dsdjfhd9ddksaas.ru/gate.php
https://dsdjfhdsufudhjas.su/gate.php
https://kdsadisadijdsasm2.com/gate.php
https://dsdjfhdsufudhjas.net/gate.php
https://dsdjfhd9ddksaas.eu/gate.php
-
build_id
3
Targets
-
-
Target
0b61ae1202d964bea67cea9d663c8530b11c1268bcea9439b949e669b3b3be7c
-
Size
251KB
-
MD5
3e68a003922b9c94a660a2e696869d17
-
SHA1
a1ed31293acf35e8b9854393b9329b9874fda09c
-
SHA256
0b61ae1202d964bea67cea9d663c8530b11c1268bcea9439b949e669b3b3be7c
-
SHA512
d686028dad79b9514a7547ffaa2f8b7cc6cd8aeba413721b2ab0571997d59eaf01e4397657c228ac6152bd8be567cf929692b7e5f7d4bdfd0960e01c28e63b20
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Sets service image path in registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-