General
-
Target
3599f01a6162db10307b75c7132c06db.dll
-
Size
634KB
-
Sample
200704-cnztgvs2vs
-
MD5
3599f01a6162db10307b75c7132c06db
-
SHA1
363a23608cccc5d39393c51eb9570e624aef8558
-
SHA256
3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659
-
SHA512
c63566de21e4aba265ae80a51f56a9622e4bdac40430b477d269304f6793f062742728ebf4ba9457cf48c3d9bd654b81d48fbec7f1b304392f51d14efa1ebafd
Malware Config
Extracted
zloader
nut
02/07
https://tedxminna.com/wp-parsing.php
https://roeslidegeralic.gq/wp-parsing.php
https://tccgroup.com.tw/wp-parsing.php
https://marufait.com/wp-parsing.php
https://blackandprecious.com/wp-parsing.php
https://resources.digilentinc.com/wp-parsing.php
https://phywebtmoonsthevil.gq/wp-parsing.php
https://ews.asia/wp-parsing.php
https://ews1.icu/wp-parsing.php
Targets
-
-
Target
3599f01a6162db10307b75c7132c06db.dll
-
Size
634KB
-
MD5
3599f01a6162db10307b75c7132c06db
-
SHA1
363a23608cccc5d39393c51eb9570e624aef8558
-
SHA256
3326d4607b164078735ee55313992c18e83e6b87b75faf350b8c61a99eb2b659
-
SHA512
c63566de21e4aba265ae80a51f56a9622e4bdac40430b477d269304f6793f062742728ebf4ba9457cf48c3d9bd654b81d48fbec7f1b304392f51d14efa1ebafd
Score10/10-
Suspicious use of NtCreateProcessExOtherParentProcess
-
Suspicious use of NtCreateUserProcessOtherParentProcess
-
Zloader, Terdot, DELoader, ZeusSphinx
Zloader is a malware strain that was initially discovered back in August 2015.
-
ServiceHost packer
Detects ServiceHost packer used for .NET malware
-
Blacklisted process makes network request
-
Suspicious use of SetThreadContext
-