MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 431a34f1ab6dec2c646b408b9b5ce091882244fde39498484fc0c73390d8f7f0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ZLoader

Vendor detections: 5


SHA256 hash: 431a34f1ab6dec2c646b408b9b5ce091882244fde39498484fc0c73390d8f7f0
SHA3-384 hash: 1a043a3aabf4561bef40dfc0f9fc0ea29940ae6523fd1bc06ef369c33d946762d4a93855a391ffcda6c0efda6ef2297d
SHA1 hash: 8900c606f74981e2a96ff21889a7191973f0f2f4
MD5 hash: c10e7c7979c7e525d9e20a3829aa6990
humanhash: nevada-king-purple-don
File name: bub.m4a
Signature: ZLoader
File size: 265'728 bytes
First seen: 2020-07-01 20:55:22 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 6ffc60ee3a7794f7e0628f01c1d9dc95 (1 x ZLoader)
ssdeep: 6144:u5cYu6OOJEs5nub4JDr5baXfjjCdlMU9o5dX:RUOOJEsi4xIXf/CdiUe5h
Threatray: 152 similar samples on MalwareBazaar
TLSH: 4D44AEC20CEC64BCE206FB3D795AF94D906DCAD9E7136801325A922A9DFB153E44C76C
Reporter: Racco42
Tags: m4a ZLoader

Intelligence

File Origin
# of uploads: 1
# of downloads: 89
Origin country: n/a

Vendor Threat Intelligence
Threat name: Win32.Trojan.ZLoader
Status: Malicious
First seen: 2020-06-30 13:40:15 UTC
AV detection: 23 of 29 (79.31%)
Threat level: 5/5

Result
Malware family: zloader
Score: 10/10
Tags: trojan botnet family:zloader persistence
Behaviour:
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetThreadContext
Adds Run entry to start application
Zloader, Terdot, DELoader, ZeusSphinx

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other