General

  • Target

    polysemous.dll

  • Size

    256KB

  • Sample

    200629-zhvg8j19cx

  • MD5

    546fd2b31496c60ad6012c080b03f643

  • SHA1

    140b2e5b1aaa43400795ed21c176754ac6048dc5

  • SHA256

    a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000

  • SHA512

    aad4d70c03f8b318cad133b09274cb6327add48ed27c0f3836d5fe64839327c45282e7b8b0e74c7bc3c1f7fc6f7f4a690c68e4f79b2134a509cc3a7045dba64c

Malware Config

Targets

    • Zloader, Terdot, DELoader, ZeusSphinx

      Zloader is a malware strain that was initially discovered back in August 2015.

    • Adds Run entry to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1

Tasks