MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf
SHA3-384 hash:	29bcb3d2102f0b28f86d97b603cba7a967368267151b432e320dc7ed639a0e804123558a19e674dd1c1b29c8971c5b36
SHA1 hash:	9820fde0873ec93779f619973544d047a8bd8afb
MD5 hash:	f5e5d82309619334c508544cd9a20e63
humanhash:	indigo-seven-cat-mobile
File name:	PSCavX9M
Download:	download sample
Signature	ZLoader Create hunting rule
File size:	479'744 bytes
First seen:	2020-07-08 13:22:17 UTC
Last seen:	Never
File type:	dll
MIME type:	application/x-dosexec
imphash	1dbe8abb79ccf0f8ed080b1763a346f4 (1 x ZLoader)
ssdeep	12288:g335rC3qMXh0RJVPSQNmD3vurmCrGl+Omk0oQY+LJQzvD8c:apzPkOmCrGM9oHAJy8
Threatray	143 similar samples on MalwareBazaar
TLSH	22A4E1D26E86A07BCDEE6C344432C8B1941C7D22153DDDD7FBC46BBB9A360508279C6A
Reporter	JAMESWT_WT
Tags:	dll ZLoader

JAMESWT_WT

IE agent

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/23125/

Detection(s):

PUA.Win.Downloader.Aiis-6803892-0

Result

Verdict:

Malware

Maliciousness:

Behaviour

Launching a process

Detection:

zloader

Link:

https://mwdb.cert.pl/sample/1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf/

Threat name:

Win32.Trojan.ZLoader

Status:

Malicious

First seen:

2020-07-08 13:23:04 UTC

File Type:

PE (Dll)

Extracted files:

AV detection:

19 of 27 (70.37%)

Threat level:

5/5

Detection(s):

Malicious file

Link:

https://check.spamhaus.org/check/?searchterm=dw345n5usj46qwaibkf5lclxhbyvilmg7tfjqa3f7mqowh53yg7q._file

Verdict:

malicious

Label(s):

gozi

zloader

Result

Malware family:

zloader

Score:

10/10

Tags:

trojan botnet family:zloader evasion spyware

Link:

https://tria.ge/reports/200708-x8yy9dqx92/

Behaviour

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: EnumeratesProcesses

Suspicious use of SetThreadContext

Modifies system certificate store

Blacklisted process makes network request

Zloader, Terdot, DELoader, ZeusSphinx

Suspicious use of NtCreateUserProcessOtherParentProcess

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

ZLoader

DLL dll 1db7ceb7b49279e858080a8bd589773871542d86fcca980365fb20eb1fbbc1bf

(this sample)

Link

https://dayton.store/wp-index.php

Cape

https://www.capesandbox.com/analysis/23125/

URLhaus

https://urlhaus.abuse.ch/url/408935/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/409011/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample