General
-
Target
6ffa4cfa0466047e7a320dd9aa57417d14dd9a185306fdecc9a79352d88a682f
-
Size
446KB
-
Sample
220520-ee3vlsbdap
-
MD5
a65312552f22156249bac2ddfc8a9811
-
SHA1
216505bd8e3448436f6fa202e64c0046c3ee4f60
-
SHA256
6ffa4cfa0466047e7a320dd9aa57417d14dd9a185306fdecc9a79352d88a682f
-
SHA512
12a69f8e3940724ad203352293c6e8e257305fa6dfa04e961d292be3734233c9c934dc7f0781a93b7c4847709e26cb199c2f24673d22dafdf22ce9cf2986fb4b
Static task
static1
Behavioral task
behavioral1
Sample
6ffa4cfa0466047e7a320dd9aa57417d14dd9a185306fdecc9a79352d88a682f.dll
Resource
win7-20220414-en
Malware Config
Extracted
zloader
apr17
spam
-
build_id
108
Targets
-
suricata: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-