General
Target: 8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065
Size: 421KB
Sample: 220205-qe488abhdq
MD5: 10dd1255825cbde60c665539380e5691
SHA1: 425d9f9cb80c6f636c0d762d69bdb9329b0d8d75
SHA256: 8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065
SHA512: 6b1fe481d69799caa6265a2aaccb1c3ace9b17776b93aec5df3d1f9b5e71c56401fef9df562f1f419b40412ac136e5ce8b08acd7897555d7711a6156dd18837c
Static task: static1
Behavioral task: behavioral1
  Sample: 8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065.dll
  Resource: win7-en-20211208
Behavioral task: behavioral2
  Sample: 8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065.dll
  Resource: win10v2004-en-20220112
Malware Config
Extracted: zloader
April23Fixed
April23Fixed
C2 URLs:
http://wmwifbajxxbcxmucxmlc.com/post.php
http://onfovdaqqrwbvdfoqnof.com/post.php
http://cmmxhurildiigqghlryq.com/post.php
http://nmqsmbiabjdnuushksas.com/post.php
http://fvqlkgedqjiqgapudkgq.com/post.php
http://iawfqecrwohcxnhwtofa.com/post.php
http://nlbmfsyplohyaicmxhum.com/post.php
http://snnmnkxdhflwgthqismb.com/post.php
build_id: 120
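The extracted C2 list is the most actionable part of this report. The following is an added example (not part of the sandbox output and not zloader's own code) showing how a responder would turn it into detection artifacts: pull the hostnames out of the URLs, apply a cheap DGA-style heuristic to them (length, vowel ratio, consonant clusters; the thresholds are assumptions tuned so that all eight hosts here trip it and common legitimate names do not), emit one Suricata DNS-query rule per host (the SID range is an assumption), and sweep a constructed proxy log for connections to any of them. The log lines are made up for the example and are not from the behavioral tasks above.

```python
import re
from urllib.parse import urlparse

# C2 URLs as listed in the extracted zloader config on this page.
C2_URLS = [
    "http://wmwifbajxxbcxmucxmlc.com/post.php",
    "http://onfovdaqqrwbvdfoqnof.com/post.php",
    "http://cmmxhurildiigqghlryq.com/post.php",
    "http://nmqsmbiabjdnuushksas.com/post.php",
    "http://fvqlkgedqjiqgapudkgq.com/post.php",
    "http://iawfqecrwohcxnhwtofa.com/post.php",
    "http://nlbmfsyplohyaicmxhum.com/post.php",
    "http://snnmnkxdhflwgthqismb.com/post.php",
]

VOWELS = set("aeiou")


def c2_hosts(urls=C2_URLS):
    """Unique, lower-cased hostnames taken from the C2 URL list."""
    return sorted({urlparse(u).hostname.lower() for u in urls})


def registrable_label(host):
    """Second-level label, e.g. 'example' for 'www.example.com'."""
    parts = host.lower().strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def vowel_ratio(label):
    letters = [c for c in label if c.isalpha()]
    return sum(c in VOWELS for c in letters) / len(letters) if letters else 0.0


def longest_consonant_run(label):
    # 'y' is treated as a consonant here.
    runs = re.findall(r"[b-df-hj-np-z]+", label.lower())
    return max((len(r) for r in runs), default=0)


def looks_generated(host, min_len=12, max_vowel_ratio=0.35, min_run=4):
    """Cheap DGA heuristic: long label, few vowels, long consonant clusters.
    Thresholds are assumptions for this example; treat the result as a triage
    hint, not a blocking decision."""
    label = registrable_label(host)
    return (len(label) >= min_len
            and vowel_ratio(label) < max_vowel_ratio
            and longest_consonant_run(label) >= min_run)


def suricata_dns_rules(hosts, sid_start=9000001):
    """One DNS-query rule per C2 host. The SID range is an assumption; pick
    one that does not collide with the rest of your ruleset."""
    rules = []
    for i, h in enumerate(hosts):
        rules.append(
            'alert dns $HOME_NET any -> any any ('
            f'msg:"ZLOADER C2 DNS query {h}"; dns.query; content:"{h}"; nocase; '
            f'classtype:trojan-activity; sid:{sid_start + i}; rev:1;)'
        )
    return rules


# Constructed proxy log (not from the sandbox run): time, client, method, URL, status.
SAMPLE_PROXY_LOG = """\
2022-02-05T12:00:01Z 10.0.0.23 GET http://www.microsoft.com/ 200
2022-02-05T12:00:07Z 10.0.0.23 POST http://wmwifbajxxbcxmucxmlc.com/post.php 200
2022-02-05T12:00:09Z 10.0.0.23 POST http://SNNMNKXDHFLWGTHQISMB.com/post.php 000
2022-02-05T12:00:15Z 10.0.0.41 GET http://windowsupdate.com/ 304
"""


def scan_proxy_log(log_text, hosts):
    """Return (timestamp, client, host) for every line whose URL host is a known C2."""
    wanted = set(hosts)
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        ts, client, _method, url, _status = fields[:5]
        host = (urlparse(url).hostname or "").lower()
        if host in wanted:
            hits.append((ts, client, host))
    return hits


if __name__ == "__main__":
    hosts = c2_hosts()
    for h in hosts:
        print(f"{h:32} dga-like={looks_generated(h)}")
    print("\n".join(suricata_dns_rules(hosts)))
    for ts, client, host in scan_proxy_log(SAMPLE_PROXY_LOG, hosts):
        print(f"{ts} {client} -> {host}")
```

The host match is exact and case-insensitive on purpose: the config gives full hostnames, so there is no need for a looser pattern that would invite false positives. The DGA heuristic is only there to prioritise which of many extracted domains deserve a closer look when the list is larger than this one; it is not a substitute for the exact-match rules.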
Targets
Target: 8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065
Size: 421KB
MD5: 10dd1255825cbde60c665539380e5691
SHA1: 425d9f9cb80c6f636c0d762d69bdb9329b0d8d75
SHA256: 8aa25ae29c5eeb062b5ae8cf48b5f1381d73298f61ebea9563bcb4f253446065
SHA512: 6b1fe481d69799caa6265a2aaccb1c3ace9b17776b93aec5df3d1f9b5e71c56401fef9df562f1f419b40412ac136e5ce8b08acd7897555d7711a6156dd18837c
Signatures:
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz (fires on the Set-Cookie value returned by the AnubisNetworks sinkhole, so at the time of the run at least one of the configured C2 domains resolved to a sinkhole rather than to live infrastructure)
Blocklisted process makes network request
Suspicious use of SetThreadContext