General
-
Target
f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949
-
Size
364KB
-
Sample
220516-cmk9esaac5
-
MD5
237dcba926f68d809230a71529172e4c
-
SHA1
350ef285178655aa95e49b51957ec14d9e36ba78
-
SHA256
f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949
-
SHA512
8dd34cf5c04c8d2de31338da1abed2dbb0474f99198330fbe69a5a0f37a3027ccf70ea4d9647447477d1a1d446dfc621ab834b95117b8bcd67ed1cf18f047b30
Malware Config
Extracted
zloader
Raz
Raz
http://softwareserviceupdater5.com/web/post.php
-
build_id
35
Targets
-
-
Target
f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949
-
Size
364KB
-
MD5
237dcba926f68d809230a71529172e4c
-
SHA1
350ef285178655aa95e49b51957ec14d9e36ba78
-
SHA256
f32f0d0bb54491c4c51a1ac17e62ede428373bb0130acaf6ac544c5b7b83e949
-
SHA512
8dd34cf5c04c8d2de31338da1abed2dbb0474f99198330fbe69a5a0f37a3027ccf70ea4d9647447477d1a1d446dfc621ab834b95117b8bcd67ed1cf18f047b30
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
suricata: ET MALWARE Zbot POST Request to C2
suricata: ET MALWARE Zbot POST Request to C2
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-