General
-
Target
6947ee4228ab808e9c91d9d6cd7f6f21_JaffaCakes118
-
Size
375KB
-
Sample
240523-bs9crsge2w
-
MD5
6947ee4228ab808e9c91d9d6cd7f6f21
-
SHA1
006fee40df6b2908d5a6a945fd47ddfe2f32f533
-
SHA256
2558251e3f8705e621bf2749648c77dce391f3cc870aac9a6fd7119ce79103a2
-
SHA512
f8c9618ad79a6b0ac574f59e6d06b8e56b037bd5f388122acc66928e2db913e1630fcd3f92078e53913fab71aaa680968c20be0ecc0f0375fc93a373280b6e8c
-
SSDEEP
6144:sBhX1VLyXidI3XtbNtNjrMUdVMuWVYgneflcVBMYU9ieIRQOHe1itiU4pN1jg:MhXLLyXii3XTTjgSV7W5n97uieILHe1J
Static task
static1
Behavioral task
behavioral1
Sample
6947ee4228ab808e9c91d9d6cd7f6f21_JaffaCakes118.dll
Resource
win7-20240221-en
Malware Config
Extracted
zloader
CASPAM
CASPAM
-
build_id
24
Targets
-
Adds Run key to start application
-
Blocklisted process makes network request
-
Suspicious use of SetThreadContext
-