General
-
Target
549eb886be64ac9d6d2817575f5d0d0f46c0c5602fedd29aa561ab3f05e3349e
-
Size
282KB
-
Sample
220201-mendxsddc8
-
MD5
7dcae3de26d219720b9ceb9af6d2ca08
-
SHA1
a93b53115c9d39ab0ad57085b165859d5e9fcb53
-
SHA256
549eb886be64ac9d6d2817575f5d0d0f46c0c5602fedd29aa561ab3f05e3349e
-
SHA512
94058dd9930d8a136c7bd6b3d1e2e79e838863130378293b58d1bd9e8518a820e4df3be326883d8ef25e536f539613fa9882a0c097f121caf1fcaaa7263fc33e
Static task
static1
Behavioral task
behavioral1
Sample
549eb886be64ac9d6d2817575f5d0d0f46c0c5602fedd29aa561ab3f05e3349e.dll
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
549eb886be64ac9d6d2817575f5d0d0f46c0c5602fedd29aa561ab3f05e3349e.dll
Resource
win10v2004-en-20220112
Malware Config
Extracted
zloader
main
2020-07-08
-
build_id
25
Targets
-
Target
549eb886be64ac9d6d2817575f5d0d0f46c0c5602fedd29aa561ab3f05e3349e
Score
10/10
-
Sets service image path in registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-