General
-
Target
161dabd778b2d24a7cae425bc2349e3db840acf49222c6067359ec7a01d3e05e
-
Size
258KB
-
Sample
220201-myk3xadfe8
-
MD5
b57d728b9b71593edb74984985412ebd
-
SHA1
71394a1e2056ab7938d00d65ea4e74fb92178630
-
SHA256
161dabd778b2d24a7cae425bc2349e3db840acf49222c6067359ec7a01d3e05e
-
SHA512
c277df221bbd76884468d499c0a9fdff8443efd2e2540f56678f6d8831e315c27d3f51d6129344652daffa215a6f4e63915f7665bbe487a5a1f4dfbd3bcb26a4
Malware Config
Extracted
zloader
banking
banking
https://iloveyoubaby1.pro/gate.php
https://idsakjfsanfaskj.com/gate.php
https://fslakdasjdnsasjsj.com/gate.php
https://dksadjsahnfaskmsa.com/gate.php
https://dskdsajdsahda.info/gate.php
https://dskdsajdsadasda.info/gate.php
https://dskjdsadhsahjsas.info/gate.php
https://dsjadjsadjsadjafsa.info/gate.php
https://fsakjdsafasifkajfaf.pro/gate.php
https://djsadhsadsadjashs.pro/gate.php
-
build_id
2
Targets
-
-
Target
161dabd778b2d24a7cae425bc2349e3db840acf49222c6067359ec7a01d3e05e
-
Size
258KB
-
MD5
b57d728b9b71593edb74984985412ebd
-
SHA1
71394a1e2056ab7938d00d65ea4e74fb92178630
-
SHA256
161dabd778b2d24a7cae425bc2349e3db840acf49222c6067359ec7a01d3e05e
-
SHA512
c277df221bbd76884468d499c0a9fdff8443efd2e2540f56678f6d8831e315c27d3f51d6129344652daffa215a6f4e63915f7665bbe487a5a1f4dfbd3bcb26a4
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Sets service image path in registry
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-