General
-
Target
https://l.facebook.com/l.php?u=AT2XxCbjVjZEuf4J1iOKOwIql9nXkDd9PylVnza4XOb-u5lt30aevZdScUPu7BGXsjRKrNdZ-sk_KvYnZTDJbAkJ7zfR&h=AT25GomPtk3RrRqn4BxfXCIg2zV_MOA-cKnWfbsr-pivLZ8N26WyNxFunkVrhc2h_-1J3Ruw88o3LRxmPX1oTgR-QlA1vBUlAVFXQxf_ctQFMKHLu0WSyml7b87t3fj8gAA8QiY&__cft__0=AZWODYLpvI9VX1z6NqVUZqJr0MKHlzQDbdsa07yPinEcydKsxtUI25oPZzOvvbKenYgKhMdIHBkmFzr7eyC4H4eEP25CTk6Tum_VLTEpmnkgjnZGdIONPqSvdN9-04XjhuNlG5XIagRtwbUhYbCsTao39N3FHwE_saCKXGkQRZo63KKxG2fDHDUPSQ1CxwsHZ2vxdhZmKJUXdMh3IIUx1vc08G6-Zg-jQSaSGjiuedSKafPclT07VcQByR1NDxTIHGIDWYuMnpEZ1qXpw2jMWNmMMiD1cYE40Lx-0rZuTQk0dYASgNGbRXdDZplH70htLYM&__tn__=H-R
-
Sample
221126-xdklrafb66
Malware Config
Targets
-
-
Target
https://l.facebook.com/l.php?u=AT2XxCbjVjZEuf4J1iOKOwIql9nXkDd9PylVnza4XOb-u5lt30aevZdScUPu7BGXsjRKrNdZ-sk_KvYnZTDJbAkJ7zfR&h=AT25GomPtk3RrRqn4BxfXCIg2zV_MOA-cKnWfbsr-pivLZ8N26WyNxFunkVrhc2h_-1J3Ruw88o3LRxmPX1oTgR-QlA1vBUlAVFXQxf_ctQFMKHLu0WSyml7b87t3fj8gAA8QiY&__cft__0=AZWODYLpvI9VX1z6NqVUZqJr0MKHlzQDbdsa07yPinEcydKsxtUI25oPZzOvvbKenYgKhMdIHBkmFzr7eyC4H4eEP25CTk6Tum_VLTEpmnkgjnZGdIONPqSvdN9-04XjhuNlG5XIagRtwbUhYbCsTao39N3FHwE_saCKXGkQRZo63KKxG2fDHDUPSQ1CxwsHZ2vxdhZmKJUXdMh3IIUx1vc08G6-Zg-jQSaSGjiuedSKafPclT07VcQByR1NDxTIHGIDWYuMnpEZ1qXpw2jMWNmMMiD1cYE40Lx-0rZuTQk0dYASgNGbRXdDZplH70htLYM&__tn__=H-R
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-