General
-
Target
648545a9d8d6a009c81d0fc072e430a91cd2d7cc63c771fb7a88e59de7af5296
-
Size
156KB
-
Sample
220520-p9fcxafgar
-
MD5
0e2a67089d12bf0bfb06f54ab52369d6
-
SHA1
57ff02529e54b54bd4e5d51ccb28eae041163ebf
-
SHA256
648545a9d8d6a009c81d0fc072e430a91cd2d7cc63c771fb7a88e59de7af5296
-
SHA512
416de0aa9061dbed9e11cdb077f6a81bb45c15ed07e6be1d3df12561e0c47e23daaf4fa1e4d999f22354dac300c3add4300efb2a58b60b935cbab06811b0b357
Malware Config
Extracted
zloader
nut
14/08
https://girldowcahohorme.tk/wp-parsing.php
http://thegamegolfmagazine.com/wp-parsing.php
http://truvaluconsulting.com/wp-parsing.php
https://blog2.textbookrush.com/wp-parsing.php
https://curiosidadez.com.br/wp-parsing.php
https://nonchothetohear.cf/wp-parsing.php
https://sicupira8.com.br/wp-parsing.php
https://titaniumgamers.com/wp-parsing.php
-
build_id
109
Targets
-
-
Target
648545a9d8d6a009c81d0fc072e430a91cd2d7cc63c771fb7a88e59de7af5296
-
Size
156KB
-
MD5
0e2a67089d12bf0bfb06f54ab52369d6
-
SHA1
57ff02529e54b54bd4e5d51ccb28eae041163ebf
-
SHA256
648545a9d8d6a009c81d0fc072e430a91cd2d7cc63c771fb7a88e59de7af5296
-
SHA512
416de0aa9061dbed9e11cdb077f6a81bb45c15ed07e6be1d3df12561e0c47e23daaf4fa1e4d999f22354dac300c3add4300efb2a58b60b935cbab06811b0b357
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
suricata: ET MALWARE Zbot POST Request to C2
suricata: ET MALWARE Zbot POST Request to C2
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-