MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f2670e8a7845cf300320415c6a16ffc34e662672f16d7cfcf5b911d088516d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 4

SHA256 hash: 2f2670e8a7845cf300320415c6a16ffc34e662672f16d7cfcf5b911d088516d9
SHA3-384 hash: 008ad0fa74c451beef62e79e259d5a7e932af1d6deaa0443161bfe8102718c48a3e127403f6d128cdb08c1643d0e6bca
SHA1 hash: 446cfe9fa815951085e4e587dd272911b9e5d32b
MD5 hash: 8bb66e279a58af871180adbb29e41f4f
humanhash: butter-sweet-winner-harry
File name: SecuriteInfo.com.Generic.mg.8bb66e279a58af87.8179
Signature: ZLoader
File size: 366'592 bytes
First seen: 2020-04-21 01:41:29 UTC
Last seen: 2020-04-21 02:38:13 UTC
File type: DLL
MIME type: application/x-dosexec
imphash: 83cf26ff3548456dc06a6d6d0227db78 (2 x ZLoader)
ssdeep: 6144:091kAIgU+wKjUrePimd2jGZFakdU8fLx1tK7IwyBfb7T0Y:090gUBe6dUFHU8pi6xb7T
Threatray: 40 similar samples on MalwareBazaar
TLSH: AF74C005B6E1C968E464587ADF2CD0FC164A3C90DF7065933AE2BF4F7BB02E19625722
Reporter: SecuriteInfoCom
Tags: ZLoader

Intelligence


File Origin
# of uploads: 2
# of downloads: 86
Origin country: n/a
Vendor Threat Intelligence
Threat name: Win32.Trojan.Kryptik
Status: Malicious
First seen: 2020-04-21 01:34:00 UTC
File type: PE (Dll)
AV detection: 21 of 31 (67.74%)
Threat level: 2/5
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: ZLoader
File type: DLL
SHA256: 2f2670e8a7845cf300320415c6a16ffc34e662672f16d7cfcf5b911d088516d9 (this sample)

BLint


The following table provides more information about this file using BLint. BLint is a binary linter that checks the security properties and capabilities of executables.

Findings
ID | Title | Severity
CHECK_AUTHENTICODE | Missing Authenticode | high
CHECK_DLL_CHARACTERISTICS | Missing dll Security Characteristics (HIGH_ENTROPY_VA) | high

Reviews
ID | Capabilities | Evidence
WIN32_PROCESS_API | Can Create Process and Threads | KERNEL32.dll::CreateProcessA
WIN_BASE_API | Uses Win Base API | KERNEL32.dll::TerminateProcess, KERNEL32.dll::LoadLibraryW, KERNEL32.dll::GetStartupInfoW, KERNEL32.dll::GetCommandLineA
WIN_BASE_IO_API | Can Create Files | KERNEL32.dll::GetFileAttributesA
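Both BLint findings above come straight from the PE headers, so they can be re-derived without the tool. The example below is added here and is not BLint's or MalwareBazaar's code: it parses only the DOS, COFF and optional headers, reports CHECK_AUTHENTICODE when the attribute certificate directory (data directory entry 4) is empty, and reports CHECK_DLL_CHARACTERISTICS for whichever of HIGH_ENTROPY_VA, DYNAMIC_BASE and NX_COMPAT is clear. The PE bytes it runs on are constructed inline by build_pe(), not taken from the ZLoader sample, and the constant names, offsets and the build_pe helper are this example's own. Two caveats a reader of the findings table should keep in mind: an attribute certificate table only shows that a signature is embedded, not that it verifies (and catalog-signed binaries carry none), and HIGH_ENTROPY_VA only affects 64-bit images, so for a 32-bit DLL that finding carries little weight.

```python
"""Re-derive the BLint CHECK_AUTHENTICODE / CHECK_DLL_CHARACTERISTICS findings
from raw PE headers.  Added example, not BLint or MalwareBazaar code; the
sample PE bytes are constructed below, not taken from the ZLoader DLL."""
import struct

# COFF Characteristics / DllCharacteristics bits and directory index (PE/COFF spec)
IMAGE_FILE_DLL = 0x2000
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020   # 64-bit images only
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040      # ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100         # DEP
IMAGE_DIRECTORY_ENTRY_SECURITY = 4                  # attribute certificate table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def parse_headers(data: bytes) -> dict:
    """Return the header fields the linter needs, raising on malformed input."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    machine, _nsect, _ts, _symoff, _nsyms, _optsize, characteristics = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at +70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    nrva_off, dd_base = (92, 96) if magic == PE32_MAGIC else (108, 112)
    nrva = struct.unpack_from("<I", data, opt + nrva_off)[0]
    cert_off = cert_size = 0
    if nrva > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike other directories, this entry holds a raw file offset, not an RVA
        cert_off, cert_size = struct.unpack_from(
            "<II", data, opt + dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "machine": machine,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dll_characteristics": dll_chars,
        "cert_offset": cert_off,
        "cert_size": cert_size,
    }


def lint(data: bytes) -> list:
    """Emit (id, title, severity) tuples in the style of BLint's findings table."""
    h = parse_headers(data)
    findings = []
    # Presence of an attribute certificate table only: this does not verify the
    # signature, and catalog-signed files carry no embedded Authenticode at all.
    if h["cert_size"] == 0:
        findings.append(("CHECK_AUTHENTICODE", "Missing Authenticode", "high"))
    missing = [name for name, bit in (
        ("HIGH_ENTROPY_VA", IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        ("DYNAMIC_BASE", IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        ("NX_COMPAT", IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
    ) if not h["dll_characteristics"] & bit]
    if missing:
        findings.append(("CHECK_DLL_CHARACTERISTICS",
                         "Missing dll Security Characteristics (%s)" % ", ".join(missing),
                         "high"))
    return findings


def build_pe(pe32plus: bool, dll_characteristics: int, cert_size: int,
             is_dll: bool = True) -> bytes:
    """Construct a minimal header-only PE image (no sections) as test input."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    characteristics = 0x0002 | (IMAGE_FILE_DLL if is_dll else 0)   # EXECUTABLE_IMAGE
    machine = 0x8664 if pe32plus else 0x014C                       # AMD64 / I386
    nrva_off, dd_base = (108, 112) if pe32plus else (92, 96)
    opt_size = dd_base + 16 * 8
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC if pe32plus else PE32_MAGIC)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    struct.pack_into("<I", opt, nrva_off, 16)                      # NumberOfRvaAndSizes
    cert_off = len(dos) + 4 + len(coff) + opt_size                 # certs follow headers
    struct.pack_into("<II", opt, dd_base + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY,
                     cert_off if cert_size else 0, cert_size)
    return dos + b"PE\0\0" + coff + bytes(opt) + b"\0" * cert_size


if __name__ == "__main__":
    # Unsigned 32-bit DLL with DYNAMIC_BASE|NX_COMPAT but no HIGH_ENTROPY_VA,
    # which reproduces the two findings in the table above.
    for fid, title, sev in lint(build_pe(False, 0x0140, 0)):
        print(fid, title, sev)
```

To run this against a real file, replace the constructed bytes with `open(path, "rb").read()`; parse_headers() reads only the headers, so a truncated or sectionless dump still lints as long as the optional header is intact.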
