General
-
Target
74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533_dump.exe
-
Size
141KB
-
Sample
240820-3wpw3szcrb
-
MD5
4414a7af27f8a26b48af7f3dd4259b40
-
SHA1
67f733252b3973d6b33594f6e9f6e107597ae23d
-
SHA256
97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071
-
SHA512
f96bdefa6bd34f179a4d30a576f4bcb3c2d8368f12970d55850e16e3a1fe1f1cecd29cb3af7ae88d2f56cca74ae82fae2784ed6f41f18dc54b832191b312300e
-
SSDEEP
3072:OBq4SK7XybZIgipEGHwWVz/wQ+KFTRHrJUOBWokCs4:OBcgXy1TiuBuqKnHmOTs4
Malware Config
Extracted
zloader
r1
r1
https://notsweets.net/LKhwojehDgwegSDG/gateJKjdsh.php
https://olpons.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://karamelliar.org/LKhwojehDgwegSDG/gateJKjdsh.php
https://dogrunn.com/LKhwojehDgwegSDG/gateJKjdsh.php
https://azoraz.net/LKhwojehDgwegSDG/gateJKjdsh.php
-
build_id
125
Targets
-
-
Target
74c8670a8285e6783e6a5c44b43b7399078c36bd80a386f00f810da0e6a45533_dump.exe
-
Size
141KB
-
MD5
4414a7af27f8a26b48af7f3dd4259b40
-
SHA1
67f733252b3973d6b33594f6e9f6e107597ae23d
-
SHA256
97179aa99e2c4d95d226268057774f5431b0763497b7000fe683c91a70a61071
-
SHA512
f96bdefa6bd34f179a4d30a576f4bcb3c2d8368f12970d55850e16e3a1fe1f1cecd29cb3af7ae88d2f56cca74ae82fae2784ed6f41f18dc54b832191b312300e
-
SSDEEP
3072:OBq4SK7XybZIgipEGHwWVz/wQ+KFTRHrJUOBWokCs4:OBcgXy1TiuBuqKnHmOTs4
Score10/10-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
Suspicious use of SetThreadContext
-