Extracted

• • Target

    74483bc98982a9eb86823cc643edd939_JaffaCakes118

  • Size

    422KB

  • MD5

    74483bc98982a9eb86823cc643edd939

  • SHA1

    a596acc431dd9e84ca0eb1c5699fa1ac5381e629

  • SHA256

    00a2e100c5f4d7419e6612284e80b5612b080671b50f3ad9442b60e937f87967

  • SHA512

    e1d1adbace8d37bd1a055757252556cdd56fb2ad76cacdff76d3b8ea7d823587605c93c2ce9097a90f78108ff7ef380a937582634f8cd4a5f9f1cec63db793d9

  • SSDEEP

    12288:yClc4hq+Ytln3+YzGKBTpJHtvgqYe7S9S:Tlc4kBlnOabpFtGgS0

  Score

  10^/10

  zloaderbotnetpersistencetrojan

  • Zloader, Terdot, DELoader, ZeusSphinx

    Zloader is a malware strain that was initially discovered back in August 2015.

    trojanbotnetzloader

  • Adds Run key to start application

    persistence

  • Blocklisted process makes network request

  • Suspicious use of SetThreadContext

  behavioral1behavioral2