General
-
Target
JoltBeacon.exe
-
Size
170KB
-
Sample
240409-tdx1aseh9y
-
MD5
6a6c11510e1743835c938eb1135d5f8f
-
SHA1
cab05283c7458cb74499772525f1eeb174ae2daa
-
SHA256
89e7621123c613d82aadfe6defded7f2816a7add36a7ef1576c08206c84fc90d
-
SHA512
149c6f5bcf6b05c40e1c040d89586b6d992bbc7c3c23ca24292caa064531f373dee1243249f803fd20abfe53621ec7816d4fdb097cc2ee63bbca209cc993ccd5
-
SSDEEP
3072:WGDjIrSZFEhB2oMk3pXO+4ao8eB4JP5/xemoyUuziq7:WYj3KhWmODB4//xloyUuuq
Malware Config
Extracted
zloader
https://arleprboacqyacbypwly.com/post.php
https://uhqokhlefrqyacgearbe.com/post.php
https://fcgtahlefrqyacgearbe.com/post.php
https://fcgtahlefrqyacgearby.com/post.php
https://arqjfrgtkcqtumbtfhbe.com/post.php
https://fclykcbjpmljawvjkrby.com/post.php
https://amgopmvyuwgyfhqypcvo.com/post.php
https://fwbeucbjkcqtumgypcvo.com/post.php
https://fwgjfwqoacqturljkrby.com/post.php
https://amltamvyurbjacgearby.com/post.php
https://amltamvyurbjacgyuhlo.com/post.php
https://fcltfrlyurbjacljkmvj.com/post.php
https://uhvouwvtkcqopcljkmvj.com/post.php
https://uhbykcgoahbjfhveawlo.com/post.php
https://fcqeuwvtkcvyfhveawlo.com/post.php
https://khbykhlyuwlepcljkrgy.com/post.php
https://fwgjfwqjurbjawboumvj.com/post.php
https://ucqeucgjurbjacgyuhlo.com/post.php
https://fwgjfwvtkwlephvyuhlo.com/post.php
https://uhbtfrlyurgopcljkmvj.com/post.php
-
dga_date_gen
2024-04-09T00:00:00Z
-
time_seed
1.7126208e+09
Targets
-
-
Target
JoltBeacon.exe
-
Size
170KB
-
MD5
6a6c11510e1743835c938eb1135d5f8f
-
SHA1
cab05283c7458cb74499772525f1eeb174ae2daa
-
SHA256
89e7621123c613d82aadfe6defded7f2816a7add36a7ef1576c08206c84fc90d
-
SHA512
149c6f5bcf6b05c40e1c040d89586b6d992bbc7c3c23ca24292caa064531f373dee1243249f803fd20abfe53621ec7816d4fdb097cc2ee63bbca209cc993ccd5
-
SSDEEP
3072:WGDjIrSZFEhB2oMk3pXO+4ao8eB4JP5/xemoyUuziq7:WYj3KhWmODB4//xloyUuuq
Score10/10-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-