General
-
Target
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
-
Size
1.5MB
-
Sample
220205-xptc2aedh9
-
MD5
0d59d38d2ec5c6aa8b14e1ab7e7f0c5c
-
SHA1
a587242db9200982a8a9d8308ce4c020020c6264
-
SHA256
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
-
SHA512
c5f3247cd102d290df14860a73b2c1ffd666b9bb89a0afc35b54d004ef6e87b9455c48b46ed8a9c494293b1362156934afd27a543fd76b95dca97d99df0e6c54
Malware Config
Extracted
zloader
main
19.04.2020
https://spardanos.com/sound.php
https://lonehee.com/sound.php
https://surgued.com/sound.php
https://tremood.com/sound.php
https://soceneo.com/sound.php
https://baatiot.com/sound.php
https://welefus.com/sound.php
https://maremeo.com/sound.php
-
build_id
39
Targets
-
-
Target
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
-
Size
1.5MB
-
MD5
0d59d38d2ec5c6aa8b14e1ab7e7f0c5c
-
SHA1
a587242db9200982a8a9d8308ce4c020020c6264
-
SHA256
14d333f6817a40cc66251901b630df311dc518be513f3be9e4fc308ab7ff562d
-
SHA512
c5f3247cd102d290df14860a73b2c1ffd666b9bb89a0afc35b54d004ef6e87b9455c48b46ed8a9c494293b1362156934afd27a543fd76b95dca97d99df0e6c54
Score10/10-
Process spawned unexpected child process
This typically indicates the parent process was compromised via an exploit or macro.
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Loads dropped DLL
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-