
IQ-FA003: Zloader XLSX Documents Evolution4

Posted on 2020-05-12 by William MacArthur

I see some great things happening, with people noticing some of the documents going around that have ties to what I call Evolution4, based on the characteristics we have observed. We are following the evolutions (changes) and other TTPs that we have observed since we started tracking heavily. The 5th evolution is that of last week's blog regarding the XLSM documents: ZLoader 4.0 Macrosheets Evolution.

InQuest Score (8 out of 10) for the Maldocs

InQuest Score (8 out of 10) for the DLL

Document Lure

Zloader Evolution 4 hashes


Network Indicators

Date Observed   Indicator Type   Indicator                  Notes/Reports
5/12/2020       Domain           japanjisho.info            URLHaus
5/12/2020       Domain           gavrelets.ru               URLHaus
5/12/2020       Domain           hopime.com                 URLHaus
5/12/2020       Domain           hormonas.comegico.com.mx   VirusTotal
5/12/2020       IP               92.53.96.168               AS9123 RU TIMEWEB-AS
5/12/2020       IP               95.181.152.73              AS207319 RU MSKHOST

DLL

Date Observed   Indicator Type   Indicator   Notes/Reports
5/12/2020       Malicious DLL    x.dll       VirusTotal
5/12/2020       Malicious DLL    2.dll       VirusTotal

Tags: ZLoader