MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


ZLoader


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2
SHA3-384 hash: 8d4c1e03dbcb080b77525a72c38a8e4d4b77be93e437db4776d1b507226bc4f516ef4a2144757c37593942002cbc737d
SHA1 hash: 1292e9b2ee9d566fe5b475835cc39dafbbb658ba
MD5 hash: 061057161259e3df7d12dccb363e56f9
humanhash: crazy-two-carpet-delta
File name:permissible.dll
Download: download sample
Signature ZLoader
Create hunting rule
File size:252'416 bytes
First seen:2020-07-05 20:48:03 UTC
Last seen:2023-05-21 04:59:58 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 63e54ea902497bb8b9d42a071ae1f81d (1 x ZLoader)
ssdeep 6144:K/WlwYMhq0n6qsXUl8KdsbiLeb5Jx5cf:KfVJzsXUl81biCbnc
Threatray 153 similar samples on MalwareBazaar
TLSH AF3490F17DCAE7FFE15AB73D88851982D896324629576CB4007032BB2A538C25B76C4F
Reporter Racco42
Tags:dll ZLoader

Intelligence

File Origin
# of uploads :
2
# of downloads :
106
Origin country :
n/a
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/20763/
Detection(s):
SecuriteInfo.com.Trojan.GenericKD.34113072.12408.15414.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:

Behaviour
Launching a process
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/00272dd639402fa76db43207d074fe52d4849e5d46008f786b944a789b09afc2/
Threat name:
Win32.Trojan.ZLoader
Create hunting rule
Status:
Malicious
First seen:
2020-07-03 16:59:04 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
  5/5
Detection(s):
Malicious file
Link:
https://check.spamhaus.org/check/?searchterm=aats3vrziax2o3nugid5a5h6klkijhs5iyai66dlsrfhrgyjv7ba._file
Verdict:
malicious
Label(s):
zloader
Create hunting rule
Similar samples:
0c8569e4304f46352b041dcb692f85c9e195130db2013d4f2216130603478035
ZLoader
23843640cfae43671a48b17dc4fe585a8e37e3767039f82448077c5b54694a57
ZLoader
25d19c2c3cb08b7634e2bc8ec87f05765bca558e74899c9e71e576d23cd70266
ZLoader
345f9fe448241c80424ef0480515898ddbb13369d8a959e6917d3219e73bfca8
ZLoader
431a34f1ab6dec2c646b408b9b5ce091882244fde39498484fc0c73390d8f7f0
ZLoader
56f9b54e1e16887d66b8b9b7ea71d610951c18662a132cf7c9900d67b9745e81
ZLoader
5b831fb067dfb53992bb8a346e4fc038de6441a94ad5a3932dc8bd64f80e56fc
ZLoader
8a07427bbf6b92d273580d2806da69c0059aa574a63dad2bd061445c985d67be
ZLoader
a2387ef5d3af113c8c902f478df1c2d7f7a7acf729873b13508c1f1915bf5000
ZLoader
dec5d4a8805defd810a545d6cb3e46cb7bb72a63f0d1c60cef82baf15bfad39b
ZLoader
+ 143 additional samples on MalwareBazaar
Result
Malware family:
zloader
Create hunting rule
Score:
  10/10
Tags:
trojan botnet family:zloader persistence
Link:
https://tria.ge/reports/200705-jsw1l6eblj/
Behaviour
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run entry to start application
Zloader, Terdot, DELoader, ZeusSphinx
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:win_zloader_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:autogenerated rule brought to you by yara-signator

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other
Cape
Cape
https://www.capesandbox.com/analysis/20763/

Comments