General
-
Target
The Blackout.docx
-
Size
290KB
-
Sample
230201-z7jbwsec2z
-
MD5
201153e622f00eef93b0b84985c5d99a
-
SHA1
22b84ff283d053d658abb69fc8d5967bbfd965f7
-
SHA256
1abe116b10d8e85ef225d498cfe63bcc438e2e01e736677063c1b44c0dcabeca
-
SHA512
6ca4cf3bd08b63d26ddbf81d54c6abcb6fcadd3a8560ce6a18e90e873b09d6f5dc6fea8a35853646936c20bb12caf15beaab79f07a6751a2704f7a94516dee3d
-
SSDEEP
6144:2nNkfRbZIbHGSkHdexpqUwmAfYYVTOU1Kb2/QDS6ah07Ms1mxD:2nARyNuUdwmAfYYVycK6/QhAsMl
Malware Config
Targets
-
-
Target
The Blackout.docx
-
Size
290KB
-
MD5
201153e622f00eef93b0b84985c5d99a
-
SHA1
22b84ff283d053d658abb69fc8d5967bbfd965f7
-
SHA256
1abe116b10d8e85ef225d498cfe63bcc438e2e01e736677063c1b44c0dcabeca
-
SHA512
6ca4cf3bd08b63d26ddbf81d54c6abcb6fcadd3a8560ce6a18e90e873b09d6f5dc6fea8a35853646936c20bb12caf15beaab79f07a6751a2704f7a94516dee3d
-
SSDEEP
6144:2nNkfRbZIbHGSkHdexpqUwmAfYYVTOU1Kb2/QDS6ah07Ms1mxD:2nARyNuUdwmAfYYVycK6/QhAsMl
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Detected potential entity reuse from brand microsoft.
-