General
-
Target
6aee58b63843a0d73a98a2922092de8a_JaffaCakes118
-
Size
839KB
-
Sample
240730-a1g3tatcnb
-
MD5
6aee58b63843a0d73a98a2922092de8a
-
SHA1
abc6ac9a98360aa065f32e15d0a9293f8aa26e32
-
SHA256
fff929c4f44411e0f8da272f8d1db4593b23acd3c52cf8958792aef9548b4623
-
SHA512
ab93f97b94953edc7d051ffa48cf444d4f09af479746ad88b86907e50d8984919fa1fdef473b2cb73adcb23378c03a81a06eece1cf7b1d12a469c0eec943d20c
-
SSDEEP
6144:XkX7Ahus9knpaHe51x/ZD6KJ02lclcB6BQVnhLbm6BN6BILsWwrdsWhc:0Ehus+5rZDjJ025oQVhX3UjdrdsWy
Static task
static1
Behavioral task
behavioral1
Sample
6aee58b63843a0d73a98a2922092de8a_JaffaCakes118.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
6aee58b63843a0d73a98a2922092de8a_JaffaCakes118.dll
Resource
win10v2004-20240709-en
Malware Config
Extracted
zloader
xls_spam_2809
divader
-
build_id
80
Targets
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-