General
-
Target
0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
-
Size
345KB
-
Sample
220604-s3s7zadch2
-
MD5
86c4c35439fd5cfe3aff15e8765e2050
-
SHA1
e12e37c922d5b97c055f5d82f1a6fa7db9ad3e66
-
SHA256
0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
-
SHA512
7858a9577ac4ce24d974914a2b25a7c2920c137bcc3dd2af91846bf618c85c6cff57d84a8e26a2840e48b23412ad5c41482a133c22d1958f7ccd674eadd5bd84
Malware Config
Targets
-
-
Target
0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
-
Size
345KB
-
MD5
86c4c35439fd5cfe3aff15e8765e2050
-
SHA1
e12e37c922d5b97c055f5d82f1a6fa7db9ad3e66
-
SHA256
0f6cd4e8159b243b7de4a18711fc39624491759beccb01386438f52175aad4b1
-
SHA512
7858a9577ac4ce24d974914a2b25a7c2920c137bcc3dd2af91846bf618c85c6cff57d84a8e26a2840e48b23412ad5c41482a133c22d1958f7ccd674eadd5bd84
Score10/10-
suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
suricata: ET MALWARE Generic - POST To .php w/Extended ASCII Characters (Likely Zeus Derivative)
-
suricata: ET MALWARE Zbot POST Request to C2
suricata: ET MALWARE Zbot POST Request to C2
-
Executes dropped EXE
-
Deletes itself
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops autorun.inf file
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Suspicious use of SetThreadContext
-